Windows Analysis Report
Packing List PDF.bat.exe

Overview

General Information

Sample name:Packing List PDF.bat.exe
Analysis ID:1432126
MD5:5a12438b3b4c926c12a9376c7bf13426
SHA1:c3185c6a5e5f07a5befbe4af7131d05634f5d1a3
SHA256:1a794211deaa0ecb6abc6101d7c1bd61111b4dd2d895ee7ecf78fbf17f4c9ab3
Tags: AgentTesla, bat, exe, Invoice

Detection

AgentTesla, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Found suspicious QR code URL
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Packing List PDF.bat.exe (PID: 5424 cmdline: "C:\Users\user\Desktop\Packing List PDF.bat.exe" MD5: 5A12438B3B4C926C12A9376C7BF13426)
    • powershell.exe (PID: 4112 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Packing List PDF.bat.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 4500 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\CmxzrHBB.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 3936 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 4040 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp233A.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Packing List PDF.bat.exe (PID: 7348 cmdline: "C:\Users\user\Desktop\Packing List PDF.bat.exe" MD5: 5A12438B3B4C926C12A9376C7BF13426)
  • chrome.exe (PID: 7412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1960,i,13115366367868831849,127431275682310398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • CmxzrHBB.exe (PID: 8048 cmdline: C:\Users\user\AppData\Roaming\CmxzrHBB.exe MD5: 5A12438B3B4C926C12A9376C7BF13426)
    • schtasks.exe (PID: 7244 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp5CD8.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • CmxzrHBB.exe (PID: 7264 cmdline: "C:\Users\user\AppData\Roaming\CmxzrHBB.exe" MD5: 5A12438B3B4C926C12A9376C7BF13426)
  • BjTxJte.exe (PID: 3424 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 5A12438B3B4C926C12A9376C7BF13426)
    • schtasks.exe (PID: 4476 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp7AA1.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 1196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • BjTxJte.exe (PID: 3692 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 5A12438B3B4C926C12A9376C7BF13426)
    • BjTxJte.exe (PID: 6512 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 5A12438B3B4C926C12A9376C7BF13426)
  • BjTxJte.exe (PID: 1784 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 5A12438B3B4C926C12A9376C7BF13426)
    • schtasks.exe (PID: 6352 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp9D6B.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 4424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • BjTxJte.exe (PID: 6616 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 5A12438B3B4C926C12A9376C7BF13426)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.fascia-arch.com", "Username": "brian@fascia-arch.com", "Password": "HERbertstown1987"}
Source | Rule | Description | Author | Strings
00000011.00000002.4479598758.00000000033DF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.2125109850.00000000052F0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000009.00000002.4479652873.0000000002FFC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.2101387752.00000000037A9000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0000000C.00000002.2227455760.0000000004BBE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.Packing List PDF.bat.exe.37a9970.4.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
12.2.CmxzrHBB.exe.4bbe350.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
12.2.CmxzrHBB.exe.4bbe350.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
12.2.CmxzrHBB.exe.4bbe350.2.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
  • 0x31cfe:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x31d70:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x31dfa:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x31e8c:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x31ef6:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x31f68:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x31ffe:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x3208e:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Packing List PDF.bat.exe.52f0000.8.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                    System Summary

                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Packing List PDF.bat.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Packing List PDF.bat.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Packing List PDF.bat.exe", ParentImage: C:\Users\user\Desktop\Packing List PDF.bat.exe, ParentProcessId: 5424, ParentProcessName: Packing List PDF.bat.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Packing List PDF.bat.exe", ProcessId: 4112, ProcessName: powershell.exe
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Packing List PDF.bat.exe, ProcessId: 7348, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BjTxJte
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp5CD8.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp5CD8.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\CmxzrHBB.exe, ParentImage: C:\Users\user\AppData\Roaming\CmxzrHBB.exe, ParentProcessId: 8048, ParentProcessName: CmxzrHBB.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp5CD8.tmp", ProcessId: 7244, ProcessName: schtasks.exe
                    Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 50.87.195.61, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Packing List PDF.bat.exe, Initiated: true, ProcessId: 7348, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49722
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp233A.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp233A.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Packing List PDF.bat.exe", ParentImage: C:\Users\user\Desktop\Packing List PDF.bat.exe, ParentProcessId: 5424, ParentProcessName: Packing List PDF.bat.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp233A.tmp", ProcessId: 4040, ProcessName: schtasks.exe
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Packing List PDF.bat.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Packing List PDF.bat.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Packing List PDF.bat.exe", ParentImage: C:\Users\user\Desktop\Packing List PDF.bat.exe, ParentProcessId: 5424, ParentProcessName: Packing List PDF.bat.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Packing List PDF.bat.exe", ProcessId: 4112, ProcessName: powershell.exe

                    Persistence and Installation Behavior

                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp233A.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp233A.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Packing List PDF.bat.exe", ParentImage: C:\Users\user\Desktop\Packing List PDF.bat.exe, ParentProcessId: 5424, ParentProcessName: Packing List PDF.bat.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp233A.tmp", ProcessId: 4040, ProcessName: schtasks.exe
                    No Snort rule has matched

                    AV Detection

                    Source: Packing List PDF.bat.exeAvira: detected
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeAvira: detection malicious, Label: HEUR/AGEN.1309753
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeAvira: detection malicious, Label: HEUR/AGEN.1309753
                    Source: 24.2.BjTxJte.exe.47bfb08.6.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.fascia-arch.com", "Username": "brian@fascia-arch.com", "Password": "HERbertstown1987"}
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeReversingLabs: Detection: 36%
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeVirustotal: Detection: 41%
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeReversingLabs: Detection: 36%
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeVirustotal: Detection: 41%
                    Source: Packing List PDF.bat.exeReversingLabs: Detection: 36%
                    Source: Packing List PDF.bat.exeVirustotal: Detection: 36%
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeJoe Sandbox ML: detected
                    Source: Packing List PDF.bat.exeJoe Sandbox ML: detected

                    Phishing

                    Source: QR Code extractorURL: http://
                    Source: Packing List PDF.bat.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49733 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49707 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.5:49719 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.5:49721 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49724 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49725 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49734 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49736 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49738 version: TLS 1.2
                    Source: Packing List PDF.bat.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeCode function: 4x nop then jmp 06EB3EAAh0_2_06EB3549
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeCode function: 4x nop then jmp 06EB3EAAh0_2_06EB3378
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeCode function: 4x nop then jmp 06EB3EAAh0_2_06EB3667
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeCode function: 4x nop then jmp 06EB3EAAh0_2_06EB3491
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeCode function: 4x nop then jmp 06EB3EAAh0_2_06EB340F
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeCode function: 4x nop then jmp 06EB3EAAh0_2_06EB3399
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeCode function: 4x nop then jmp 06EB3EAAh0_2_06EB393E
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 4x nop then jmp 098F314Ah24_2_098F27E9
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 4x nop then jmp 098F314Ah24_2_098F2618
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 4x nop then jmp 098F314Ah24_2_098F2907
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 4x nop then jmp 098F314Ah24_2_098F2BDF
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 4x nop then jmp 098F314Ah24_2_098F272C
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 4x nop then jmp 098F314Ah24_2_098F26AF
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 4x nop then jmp 098F314Ah24_2_098F2639
                    Source: global trafficTCP traffic: 192.168.2.5:49722 -> 50.87.195.61:587
                    Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
                    Source: Joe Sandbox ViewIP Address: 50.87.195.61 50.87.195.61
                    Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
                    Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
                    Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
                    Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.193.120.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGM3DrrEGIjDy4V0_H3Yjc85slo8hhBKKQ10ZDiDsFUznR22jXujdUr7c3uzDt_B_DWQMzTa2E2wyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-12; NID=513=XLUDzZxOMdVXuOYMhfAbe4bdNk2K2exdFpQnpeTHF3w8Et9_s1MhyGgtvcuJ2SIWE4aCCH9ABgYjTnt--4H-3euCr8x1eBR6pjMAnllj44KLfAs4Jo62xCigsfCuoJSLXRPe-ZXMqCdhpSRtXvo2NPXQbhphJ3GVLSPGf28pqf4
                    Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
                    Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGM3DrrEGIjCh-Z92sb0-vV99vzjR5lAr82DSiquRDqbOuOzSa8pK8DSxKaDTVvY45j6P2ULr1Z8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-12; NID=513=mMwiw4i0Kg58TTLAfuzRFCNDrdt6qwnOhwTNm1zMsMCP1dGlXLmTa0kzpQcLyF6P50Sf94ZabynScJyuWhwCFMWTpg495oU_fLCrOIoAsVde5D2-m59sw9uOxHKSpJ_FTS1F9OwvnS04IYxy_P3JBoIuP5uc4RIsbcr8pbEEr-U
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oECBsU8SvDWmGwB&MD=GeXZP6XL HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oECBsU8SvDWmGwB&MD=GeXZP6XL HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                    Source: global traffic; DNS traffic detected: DNS query: api.ipify.org
                    Source: global traffic; DNS traffic detected: DNS query: www.google.com
                    Source: global traffic; DNS traffic detected: DNS query: mail.fascia-arch.com
                    Source: unknownHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. 
Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714135479960&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
                    Source: Packing List PDF.bat.exe, 00000009.00000002.4479652873.0000000002FFC000.00000004.00000800.00020000.00000000.sdmp, Packing List PDF.bat.exe, 00000009.00000002.4479652873.0000000003014000.00000004.00000800.00020000.00000000.sdmp, Packing List PDF.bat.exe, 00000009.00000002.4479652873.000000000314C000.00000004.00000800.00020000.00000000.sdmp, CmxzrHBB.exe, 00000011.00000002.4479598758.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000017.00000002.4480419660.0000000002F9D000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000017.00000002.4480419660.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000017.00000002.4480419660.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000017.00000002.4480419660.0000000002EC4000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000017.00000002.4480419660.000000000306D000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000017.00000002.4480419660.0000000002EAC000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4479020236.0000000003144000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4479020236.00000000031E4000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4479020236.000000000312C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.fascia-arch.com
                    Source: Packing List PDF.bat.exe, 00000000.00000002.2098296618.000000000280B000.00000004.00000800.00020000.00000000.sdmp, Packing List PDF.bat.exe, 00000000.00000002.2098296618.0000000002A36000.00000004.00000800.00020000.00000000.sdmp, Packing List PDF.bat.exe, 00000009.00000002.4479652873.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, CmxzrHBB.exe, 0000000C.00000002.2225583854.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, CmxzrHBB.exe, 00000011.00000002.4479598758.0000000003341000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.2308900332.0000000003026000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000017.00000002.4480419660.0000000002E3C000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000018.00000002.2385416569.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000018.00000002.2385416569.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4479020236.00000000030B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Packing List PDF.bat.exe, 00000000.00000002.2101387752.00000000044FB000.00000004.00000800.00020000.00000000.sdmp, Packing List PDF.bat.exe, 00000009.00000002.4468382854.0000000000433000.00000040.00000400.00020000.00000000.sdmp, CmxzrHBB.exe, 0000000C.00000002.2227455760.0000000004BBE000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000018.00000002.2392274425.00000000047BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: Packing List PDF.bat.exe, 00000000.00000002.2101387752.00000000044FB000.00000004.00000800.00020000.00000000.sdmp, Packing List PDF.bat.exe, 00000009.00000002.4479652873.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, Packing List PDF.bat.exe, 00000009.00000002.4468382854.0000000000433000.00000040.00000400.00020000.00000000.sdmp, CmxzrHBB.exe, 0000000C.00000002.2227455760.0000000004BBE000.00000004.00000800.00020000.00000000.sdmp, CmxzrHBB.exe, 00000011.00000002.4479598758.0000000003341000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000017.00000002.4480419660.0000000002E3C000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000018.00000002.2392274425.00000000047BF000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4479020236.00000000030B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                    Source: Packing List PDF.bat.exe, 00000009.00000002.4479652873.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, CmxzrHBB.exe, 00000011.00000002.4479598758.0000000003341000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000017.00000002.4480419660.0000000002E3C000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4479020236.00000000030B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                    Source: Packing List PDF.bat.exe, 00000009.00000002.4479652873.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, CmxzrHBB.exe, 00000011.00000002.4479598758.0000000003341000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000017.00000002.4480419660.0000000002E3C000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4479020236.00000000030B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                    Source: unknown; HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49707 version: TLS 1.2
                    Source: unknown; HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.5:49719 version: TLS 1.2
                    Source: unknown; HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.5:49721 version: TLS 1.2
                    Source: unknown; HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49724 version: TLS 1.2
                    Source: unknown; HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49725 version: TLS 1.2
                    Source: unknown; HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49734 version: TLS 1.2
                    Source: unknown; HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49736 version: TLS 1.2
                    Source: unknown; HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49738 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe; Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\Packing List PDF.bat.exe
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe; Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\CmxzrHBB.exe
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe; Window created: window name: CLIPBRDWNDCLASS
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe; Window created: window name: CLIPBRDWNDCLASS
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Window created: window name: CLIPBRDWNDCLASS
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Window created: window name: CLIPBRDWNDCLASS

                    System Summary

                    Source: 12.2.CmxzrHBB.exe.4bbe350.2.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                    Source: 24.2.BjTxJte.exe.47fab28.8.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                    Source: 12.2.CmxzrHBB.exe.4bf9370.4.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                    Source: 24.2.BjTxJte.exe.47fab28.8.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                    Source: 12.2.CmxzrHBB.exe.4bf9370.4.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                    Source: 24.2.BjTxJte.exe.47bfb08.6.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                    Source: 0.2.Packing List PDF.bat.exe.4535ff8.6.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                    Source: 0.2.Packing List PDF.bat.exe.4535ff8.6.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                    Source: 24.2.BjTxJte.exe.47bfb08.6.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                    Source: 12.2.CmxzrHBB.exe.4bbe350.2.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 24_2_085410D124_2_085410D1
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 24_2_0854F0CC24_2_0854F0CC
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 24_2_085410E024_2_085410E0
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 24_2_085420B824_2_085420B8
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 24_2_0854021924_2_08540219
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 24_2_0854022824_2_08540228
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 24_2_085423D124_2_085423D1
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 24_2_0854145024_2_08541450
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 24_2_0854144124_2_08541441
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 24_2_0854168824_2_08541688
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 24_2_0854C77224_2_0854C772
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 24_2_098F3C1024_2_098F3C10
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 24_2_098F590824_2_098F5908
                    Source: Packing List PDF.bat.exe, 00000000.00000000.1992311021.000000000048E000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameygo.exe" vs Packing List PDF.bat.exe
                    Source: Packing List PDF.bat.exe, 00000000.00000002.2093723038.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Packing List PDF.bat.exe
                    Source: Packing List PDF.bat.exe, 00000000.00000002.2126291868.0000000009E70000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Packing List PDF.bat.exe
                    Source: Packing List PDF.bat.exe, 00000000.00000002.2098296618.000000000280B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamec0fe0520-5c7a-42ab-a1ed-336010ccc94a.exe4 vs Packing List PDF.bat.exe
                    Source: Packing List PDF.bat.exe, 00000000.00000002.2101387752.00000000044FB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamec0fe0520-5c7a-42ab-a1ed-336010ccc94a.exe4 vs Packing List PDF.bat.exe
                    Source: Packing List PDF.bat.exe, 00000000.00000002.2101387752.0000000004197000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Packing List PDF.bat.exe
                    Source: Packing List PDF.bat.exe, 00000009.00000002.4515429764.0000000006A33000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameygo.exe" vs Packing List PDF.bat.exe
                    Source: Packing List PDF.bat.exe, 00000009.00000002.4469933000.00000000010F9000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Packing List PDF.bat.exe
                    Source: Packing List PDF.bat.exe Binary or memory string: OriginalFilenameygo.exe" vs Packing List PDF.bat.exe
                    Source: Packing List PDF.bat.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 12.2.CmxzrHBB.exe.4bbe350.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 24.2.BjTxJte.exe.47fab28.8.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 12.2.CmxzrHBB.exe.4bf9370.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 24.2.BjTxJte.exe.47fab28.8.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 12.2.CmxzrHBB.exe.4bf9370.4.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 24.2.BjTxJte.exe.47bfb08.6.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Packing List PDF.bat.exe.4535ff8.6.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Packing List PDF.bat.exe.4535ff8.6.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 24.2.BjTxJte.exe.47bfb08.6.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 12.2.CmxzrHBB.exe.4bbe350.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: Packing List PDF.bat.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: CmxzrHBB.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.Packing List PDF.bat.exe.37a9970.4.raw.unpack, V4uC3Iifq56IKQcfry.cs Cryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.Packing List PDF.bat.exe.52f0000.8.raw.unpack, V4uC3Iifq56IKQcfry.cs Cryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.Packing List PDF.bat.exe.439f350.5.raw.unpack, UED8nSsSYePQNI2weW.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Packing List PDF.bat.exe.9e70000.9.raw.unpack, UED8nSsSYePQNI2weW.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Packing List PDF.bat.exe.9e70000.9.raw.unpack, voSuBxrqvhvwCGt0IG.cs Security API names: _0020.SetAccessControl
                    Source: 0.2.Packing List PDF.bat.exe.9e70000.9.raw.unpack, voSuBxrqvhvwCGt0IG.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Packing List PDF.bat.exe.9e70000.9.raw.unpack, voSuBxrqvhvwCGt0IG.cs Security API names: _0020.AddAccessRule
                    Source: 0.2.Packing List PDF.bat.exe.439f350.5.raw.unpack, voSuBxrqvhvwCGt0IG.cs Security API names: _0020.SetAccessControl
                    Source: 0.2.Packing List PDF.bat.exe.439f350.5.raw.unpack, voSuBxrqvhvwCGt0IG.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Packing List PDF.bat.exe.439f350.5.raw.unpack, voSuBxrqvhvwCGt0IG.cs Security API names: _0020.AddAccessRule
                    Source: 0.2.Packing List PDF.bat.exe.27fb850.3.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
                    Source: 0.2.Packing List PDF.bat.exe.4ee0000.7.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
                    Source: 0.2.Packing List PDF.bat.exe.2a14374.0.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
                    Source: 0.2.Packing List PDF.bat.exe.2a03d14.1.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
                    Source: 0.2.Packing List PDF.bat.exe.280bbf0.2.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
                    Source: classification engine Classification label: mal100.phis.troj.spyw.evad.winEXE@48/28@4/5
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe File created: C:\Users\user\AppData\Roaming\CmxzrHBB.exe
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Mutant created: NULL
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7184:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Mutant created: \Sessions\1\BaseNamedObjects\AOuiwYryICQkuBzgtXYDE
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7248:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4424:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1196:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3184:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5796:120:WilError_03
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe File created: C:\Users\user\AppData\Local\Temp\tmp233A.tmp
                    Source: Packing List PDF.bat.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe File read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: BjTxJte.exe.9.dr, CmxzrHBB.exe.0.dr Binary or memory string: UPDATE [AdventureWorksLT2008R2].[SalesLT].[Customer] SET FirstName = @firstName, LastName = @lastName, EmailAddress = @emailAddress, Title = @title, MiddleName = @middleName, Suffix = @suffix, CompanyName = @companyName, SalesPerson = @salesPerson, Phone = @phone, PasswordHash = @passwordHash, PasswordSalt = @passwordSalt, rowguid = @rowguid WHERE CustomerID = @CustomerID;SELECT * FROM [AdventureWorksLT2008R2].[SalesLT].[Customer] WHERE CustomerId = @CustomerID
                    Source: Packing List PDF.bat.exe ReversingLabs: Detection: 36%
                    Source: Packing List PDF.bat.exe Virustotal: Detection: 36%
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe File read: C:\Users\user\Desktop\Packing List PDF.bat.exe
                    Source: unknown Process created: C:\Users\user\Desktop\Packing List PDF.bat.exe "C:\Users\user\Desktop\Packing List PDF.bat.exe"
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Packing List PDF.bat.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\CmxzrHBB.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp233A.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Process created: C:\Users\user\Desktop\Packing List PDF.bat.exe "C:\Users\user\Desktop\Packing List PDF.bat.exe"
                    Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1960,i,13115366367868831849,127431275682310398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\CmxzrHBB.exe C:\Users\user\AppData\Roaming\CmxzrHBB.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp5CD8.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Process created: C:\Users\user\AppData\Roaming\CmxzrHBB.exe "C:\Users\user\AppData\Roaming\CmxzrHBB.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp7AA1.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp9D6B.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: version.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: dwrite.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: propsys.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: edputil.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: urlmon.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: iertutil.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: srvcli.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: netutils.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: appresolver.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: bcp47langs.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: slc.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: sppc.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: ntmarta.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: vaultcli.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: appresolver.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: bcp47langs.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: slc.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sppc.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: Window Recorder Window detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: Packing List PDF.bat.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Packing List PDF.bat.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    Source: 0.2.Packing List PDF.bat.exe.37a9970.4.raw.unpack, V4uC3Iifq56IKQcfry.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 0.2.Packing List PDF.bat.exe.52f0000.8.raw.unpack, V4uC3Iifq56IKQcfry.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: Packing List PDF.bat.exe, Customer.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: CmxzrHBB.exe.0.dr, Customer.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Packing List PDF.bat.exe.439f350.5.raw.unpack, voSuBxrqvhvwCGt0IG.cs .Net Code: Gm8viAaHw2 System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Packing List PDF.bat.exe.9e70000.9.raw.unpack, voSuBxrqvhvwCGt0IG.cs .Net Code: Gm8viAaHw2 System.Reflection.Assembly.Load(byte[])
                    Source: Packing List PDF.bat.exe Static PE information: section name: .text entropy: 7.966229540077175
                    Source: CmxzrHBB.exe.0.dr Static PE information: section name: .text entropy: 7.966229540077175
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe File created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe File created: C:\Users\user\AppData\Roaming\CmxzrHBB.exe

                    Boot Survival

                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe; Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp233A.tmp"
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe; Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BjTxJte

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe; File opened: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe:Zone.Identifier read attributes | delete
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe; File opened: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe:Zone.Identifier read attributes | delete
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe; Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe; Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: Packing List PDF.bat.exe PID: 5424, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: CmxzrHBB.exe PID: 8048, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: BjTxJte.exe PID: 3424, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: BjTxJte.exe PID: 1784, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: DF0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: 27A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: 47A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: 77A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: 87A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: 8960000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: 9960000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: 9EF0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: AEF0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: BEF0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: 1500000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: 2F80000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: 1500000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Memory allocated: 1770000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Memory allocated: 3140000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Memory allocated: 5140000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Memory allocated: 7BC0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Memory allocated: 8BC0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Memory allocated: 8D60000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Memory allocated: 9D60000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Memory allocated: A3B0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Memory allocated: 7BC0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Memory allocated: 3150000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Memory allocated: 3340000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Memory allocated: 3180000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 2E00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 2FB0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 2E00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 79A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 89A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 8B40000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 9B40000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: A110000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 79A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 2B60000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 2E30000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 2B60000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: E70000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 2A60000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 2950000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 73A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 83A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 8550000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 9550000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 9C40000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: AC40000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: BC40000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 1350000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 30B0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 2E80000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3627
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5591
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Window / User API: threadDelayed 6007
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Window / User API: threadDelayed 3806
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Window / User API: threadDelayed 4454
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Window / User API: threadDelayed 5381
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Window / User API: threadDelayed 6201
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Window / User API: threadDelayed 3589
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Window / User API: threadDelayed 5065
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Window / User API: threadDelayed 4747
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe TID: 4028 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7244 Thread sleep count: 3627 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7448 Thread sleep time: -1844674407370954s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7208 Thread sleep count: 187 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7304 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7504 Thread sleep time: -2767011611056431s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7420 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe TID: 5660 Thread sleep time: -37815825351104557s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe TID: 4456 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe TID: 7248 Thread sleep time: -39660499758475511s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7372 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 8092 Thread sleep time: -35048813740048126s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 5312 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 4372 Thread sleep count: 35 > 30
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 4372 Thread sleep time: -32281802128991695s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 4128 Thread sleep count: 5065 > 30
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 4128 Thread sleep count: 4747 > 30
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 95073
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 94969
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 94863
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 94735
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 94625
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 94515
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 94405
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 94296
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 94186
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 91533
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 91410
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 91228
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 91108
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 90997
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 90882
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 90777
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 90666
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 90559
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 90453
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 90343
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 90234
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 90122
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 89946
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 89825
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 89656
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 87409
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 87250
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 87125
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeThread delayed: delay time: 87010
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 100000
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99875
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99765
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99650
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99471
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98016
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97874
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97752
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97538
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97078
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96954
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96847
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96726
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96600
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96469
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96359
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96249
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96110
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95998
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95876
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95750
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95641
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95531
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95400
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95281
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95112
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94958
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94756
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 93625
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 93360
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 93141
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 92961
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 92844
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 92722
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 92607
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 92498
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 92375
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 92266
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 92156
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 92016
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 91891
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 91766
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 91657
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 91545
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 91422
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 91312
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 91202
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 91080
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 90956
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 90843
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 90719
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 90602
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 90407
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 89417
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 89261
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 89156
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 89046
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 88860
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 88740
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 88610
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 100000
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99889
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99768
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99644
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99517
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99391
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99241
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99110
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98121
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97965
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97844
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97734
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97563
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97444
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97329
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97204
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97079
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96964
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96853
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96733
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96624
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96515
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96391
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96266
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96157
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96032
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95907
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95797
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95688
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95563
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95438
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95313
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95188
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95075
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94954
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94829
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94704
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94579
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94454
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94329
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94204
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94079
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 93954
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 93829
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 93704
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 93579
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 93454
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 93329
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 93218
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 93109
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 92984
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 92860
                    Source: BjTxJte.exe, 00000013.00000002.2315757771.00000000072E8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\yFS$
                    Source: Packing List PDF.bat.exe, 00000009.00000002.4473417883.0000000001452000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 00000017.00000002.4516017327.00000000061C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt
                    Source: CmxzrHBB.exe, 0000000C.00000002.2214828370.00000000013E2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                    Source: BjTxJte.exe, 00000013.00000002.2315757771.00000000072E8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                    Source: CmxzrHBB.exe, 0000000C.00000002.2214828370.00000000013E2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8
                    Source: CmxzrHBB.exe, 00000011.00000002.4470951720.00000000015D1000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4513905229.0000000006690000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Process token adjusted: Debug
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Packing List PDF.bat.exe"
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\CmxzrHBB.exe"
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Memory written: C:\Users\user\AppData\Roaming\CmxzrHBB.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory written: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp233A.tmp"
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Process created: C:\Users\user\Desktop\Packing List PDF.bat.exe "C:\Users\user\Desktop\Packing List PDF.bat.exe"
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp5CD8.tmp"
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Process created: C:\Users\user\AppData\Roaming\CmxzrHBB.exe "C:\Users\user\AppData\Roaming\CmxzrHBB.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp7AA1.tmp"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp9D6B.tmp"
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Queries volume information: C:\Users\user\Desktop\Packing List PDF.bat.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeQueries volume information: C:\Users\user\Desktop\Packing List PDF.bat.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeQueries volume information: C:\Users\user\AppData\Roaming\CmxzrHBB.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeQueries volume information: C:\Users\user\AppData\Roaming\CmxzrHBB.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\Desktop\Packing List PDF.bat.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\CmxzrHBB.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                    Remote Access Functionality

                    Source: Yara matchFile source: Process Memory Space: Packing List PDF.bat.exe PID: 5424, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Packing List PDF.bat.exe PID: 7348, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: CmxzrHBB.exe PID: 8048, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: CmxzrHBB.exe PID: 7264, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: BjTxJte.exe PID: 6512, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: BjTxJte.exe PID: 1784, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: BjTxJte.exe PID: 6616, type: MEMORYSTR
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | 11 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 11 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 3 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 11 Registry Run Keys / Startup Folder | 22 Software Packing | NTDS | 211 Security Software Discovery | Distributed Component Object Model | 11 Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | 1 Clipboard Data | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph: ID 1432126, Sample: Packing List PDF.bat.exe, Startdate: 26/04/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
Packing List PDF.bat.exe | 37% | ReversingLabs | Win32.Trojan.GenSteal |
Packing List PDF.bat.exe | 36% | Virustotal | | Browse
Packing List PDF.bat.exe | 100% | Avira | HEUR/AGEN.1309753 |
Packing List PDF.bat.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 100% | Avira | HEUR/AGEN.1309753 |
C:\Users\user\AppData\Roaming\CmxzrHBB.exe | 100% | Avira | HEUR/AGEN.1309753 |
C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\CmxzrHBB.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 37% | ReversingLabs | Win32.Trojan.GenSteal |
C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 42% | Virustotal | | Browse
C:\Users\user\AppData\Roaming\CmxzrHBB.exe | 37% | ReversingLabs | Win32.Trojan.GenSteal |
C:\Users\user\AppData\Roaming\CmxzrHBB.exe | 42% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
mail.fascia-arch.com | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
http://mail.fascia-arch.com | 0% | Avira URL Cloud | safe |
http://mail.fascia-arch.com | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
api.ipify.org | 172.67.74.152 | true | false | | high
www.google.com | 142.250.217.228 | true | false | | high
mail.fascia-arch.com | 50.87.195.61 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://api.ipify.org/ | false | | high
https://www.google.com/async/ddljson?async=ntp:2 | false | | high
https://www.google.com/async/newtab_promos | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGM3DrrEGIjDy4V0_H3Yjc85slo8hhBKKQ10ZDiDsFUznR22jXujdUr7c3uzDt_B_DWQMzTa2E2wyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGM3DrrEGIjCh-Z92sb0-vV99vzjR5lAr82DSiquRDqbOuOzSa8pK8DSxKaDTVvY45j6P2ULr1Z8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://api.ipify.org | Packing List PDF.bat.exe, CmxzrHBB.exe, BjTxJte.exe | false | | high
http://mail.fascia-arch.com | Packing List PDF.bat.exe, CmxzrHBB.exe, BjTxJte.exe | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://account.dyn.com/ | Packing List PDF.bat.exe, CmxzrHBB.exe, BjTxJte.exe | false | | high
https://api.ipify.org/t | Packing List PDF.bat.exe, CmxzrHBB.exe, BjTxJte.exe | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Packing List PDF.bat.exe, CmxzrHBB.exe, BjTxJte.exe | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
50.87.195.61 | mail.fascia-arch.com | United States | 46606 | UNIFIEDLAYER-AS-1US | true
142.250.217.228 | www.google.com | United States | 15169 | GOOGLEUS | false
172.67.74.152 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false

IP
192.168.2.5

Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1432126
Start date and time: 2024-04-26 14:44:05 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 23s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 29
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Packing List PDF.bat.exe
Detection: MAL
Classification: mal100.phis.troj.spyw.evad.winEXE@48/28@4/5
                                              EGA Information:
                                              • Successful, ratio: 100%
                                              HCA Information:
                                              • Successful, ratio: 100%
                                              • Number of executed functions: 477
                                              • Number of non-executed functions: 12
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe
                                              • Override analysis time to 240000 for current running targets taking high CPU consumption
                                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 192.178.50.67, 142.250.217.174, 108.177.11.84, 34.104.35.123, 199.232.214.172, 192.229.211.108, 142.250.64.163, 142.250.64.238
                                              • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
                                              • Not all processes where analyzed, report is missing behavior information
                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                              • Report size getting too big, too many NtCreateKey calls found.
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                              • Report size getting too big, too many NtReadVirtualMemory calls found.

Time | Type | Description
14:44:51 | API Interceptor | 4364868x Sleep call for process: Packing List PDF.bat.exe modified
14:44:55 | API Interceptor | 29x Sleep call for process: powershell.exe modified
14:44:57 | Task Scheduler | Run new task: CmxzrHBB path: C:\Users\user\AppData\Roaming\CmxzrHBB.exe
14:45:04 | API Interceptor | 418651x Sleep call for process: CmxzrHBB.exe modified
14:45:04 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BjTxJte C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
14:45:13 | API Interceptor | 6387136x Sleep call for process: BjTxJte.exe modified
14:45:13 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BjTxJte C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe

Source | URL
Screenshot | http://

Match | Associated Sample Name / URL | Detection | Threat Name | Context
239.255.255.250 | https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz | malicious | HTMLPhisher |
 | ePI4igo4y1.exe | malicious | AsyncRAT |
 | POattach.html | malicious | HTMLPhisher |
 | http://www.ensp.fiocruz.br/portal-ensp/entrevista/counter.php?content=http://owens-minor.com&contentid=32190&link=https://nabbeton.com/! | malicious | Unknown |
 | file.exe | malicious | Unknown |
 | file.exe | malicious | Unknown |
 | https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz | malicious | HTMLPhisher |
 | https://exploredrinks.com | malicious | Unknown |
 | factura - ztcpyqiqtfiewxjhesna.msi | malicious | Unknown |
 | https://survey.zohopublic.eu/zs/GzDXvp | malicious | HTMLPhisher |
50.87.195.61 | vbc.exe | malicious | FormBook | www.vegrebel.com/nnmd/?VRNp=wBZl4vkh1&MvdD=iedGY0/hYfrjbbwxufAPjCijJp09b4Pnd9RoleXu3W9ZUfsJsAn0SGbENHPecaFD81L2
 | SWIFT COPY_PDF.exe | malicious | FormBook | www.smguidetowkw.com/m2be/?Et5pFP9=GRobwBHqsz/I/K6QMyhqlyyiibK6nxcxU5TpJro9yIpA+ftqAp39OLT0oN0WcJ2Wu53Xy7WDvg==&uDKLJ=D48t
172.67.74.152 | Sonic-Glyder.exe | malicious | Stealit | api.ipify.org/?format=json
 | Sky-Beta.exe | malicious | Unknown | api.ipify.org/?format=json
 | Sky-Beta.exe | malicious | Unknown | api.ipify.org/?format=json
 | Sky-Beta-Setup.exe | malicious | Stealit | api.ipify.org/?format=json
 | Sky-Beta.exe | malicious | Stealit | api.ipify.org/?format=json
 | SongOfVikings.exe | malicious | Unknown | api.ipify.org/?format=json
 | SongOfVikings.exe | malicious | Unknown | api.ipify.org/?format=json
 | Sky-Beta Setup 1.0.0.exe | malicious | Unknown | api.ipify.org/?format=json

Match | Associated Sample Name / URL | Detection | Threat Name | Context
mail.fascia-arch.com | Statement of Account PDF.bat.exe | malicious | AgentTesla, PureLog Stealer | 50.87.195.61
 | SOA FOR APR 2024 PDF.exe | malicious | AgentTesla, PureLog Stealer | 50.87.195.61
 | DHL STATEMENT OF ACCOUNT - 1003657363.exe | malicious | AgentTesla | 50.87.195.61
 | PO.exe | malicious | AgentTesla | 50.87.195.61
 | IOJMZilMeH.exe | malicious | AgentTesla | 50.87.195.61
 | PO#7A68D20.exe | malicious | AgentTesla | 50.87.195.61
api.ipify.org | Invoice.exe | malicious | AgentTesla, PureLog Stealer | 104.26.12.205
 | PONO6188.vbs | malicious | AgentTesla, GuLoader | 104.26.13.205
 | Payment details.exe | malicious | AgentTesla | 104.26.13.205
 | Docs.exe | malicious | AgentTesla | 172.67.74.152
 | PO#50124.exe | malicious | AgentTesla | 104.26.13.205
 | Statement of Account PDF.bat.exe | malicious | AgentTesla, PureLog Stealer | 104.26.12.205
 | CHEMICAL SPECIFICATIONS.exe | malicious | AgentTesla | 104.26.13.205
 | Payment.exe | malicious | AgentTesla | 104.26.12.205
 | SOA FOR APR 2024 PDF.exe | malicious | AgentTesla, PureLog Stealer | 104.26.12.205
 | Payment Swift.doc | malicious | AgentTesla | 172.67.74.152

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  UNIFIEDLAYER-AS-1USPONO6188.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                  • 192.185.13.234
                                                                  Payment details.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 50.87.145.190
                                                                  Docs.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 50.87.219.149
                                                                  PO#50124.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 50.87.219.149
                                                                  http://www.tbmuae.com/Get hashmaliciousGRQ ScamBrowse
                                                                  • 198.57.149.230
                                                                  Statement of Account PDF.bat.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                  • 50.87.195.61
                                                                  Quotation Order.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 192.254.225.166
                                                                  DHL - OVERDUE ACCOUNT NOTICE - 1301669350.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                  • 50.87.253.239
                                                                  CHEMICAL SPECIFICATIONS.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 192.254.225.136
                                                                  SOA FOR APR 2024 PDF.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                  • 50.87.195.61
                                                                  CLOUDFLARENETUSPOattach.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                  • 104.18.11.207
                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                  • 172.64.41.3
                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                  • 172.64.41.3
                                                                  factura - ztcpyqiqtfiewxjhesna.msiGet hashmaliciousUnknownBrowse
                                                                  • 104.18.32.137
                                                                  Invoice.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                  • 104.26.13.205
                                                                  JHqNlw9U8c.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                                                                  • 172.67.19.24
                                                                  file.exeGet hashmaliciousRisePro StealerBrowse
                                                                  • 104.26.5.15
                                                                  PONO6188.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                  • 104.26.13.205
                                                                  Payment details.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 104.26.13.205
                                                                  Docs.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 172.67.74.152
                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  1138de370e523e824bbca92d049a3777https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3YffzGet hashmaliciousHTMLPhisherBrowse
                                                                  • 23.1.237.91
                                                                  POattach.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                  • 23.1.237.91
                                                                  http://www.ensp.fiocruz.br/portal-ensp/entrevista/counter.php?content=http://owens-minor.com&contentid=32190&link=https://nabbeton.com/!Get hashmaliciousUnknownBrowse
                                                                  • 23.1.237.91
                                                                  https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNNGet hashmaliciousUnknownBrowse
                                                                  • 23.1.237.91
                                                                  https://deebmpapst.ordineproposal.top/Get hashmaliciousUnknownBrowse
                                                                  • 23.1.237.91
                                                                  https://springtail-lute-g4wp.squarespace.com/Get hashmaliciousUnknownBrowse
                                                                  • 23.1.237.91
                                                                  http://cleverchoice.com.auGet hashmaliciousUnknownBrowse
                                                                  • 23.1.237.91
                                                                  SWIFT.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                  • 23.1.237.91
                                                                  https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085Get hashmaliciousUnknownBrowse
                                                                  • 23.1.237.91
                                                                  https://markssmith.icu/23d80j2d/qwd13d8jqd/index.html?13813e8=0101%2048076%2044139&13813e8=https://playgames5.netGet hashmaliciousTechSupportScamBrowse
                                                                  • 23.1.237.91
                                                                  28a2c9bd18a11de089ef85a160da29e4ePI4igo4y1.exeGet hashmaliciousAsyncRATBrowse
                                                                  • 23.193.120.112
                                                                  • 20.12.23.50
                                                                  POattach.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                  • 23.193.120.112
                                                                  • 20.12.23.50
                                                                  http://www.ensp.fiocruz.br/portal-ensp/entrevista/counter.php?content=http://owens-minor.com&contentid=32190&link=https://nabbeton.com/!Get hashmaliciousUnknownBrowse
                                                                  • 23.193.120.112
                                                                  • 20.12.23.50
                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                  • 23.193.120.112
                                                                  • 20.12.23.50
                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                  • 23.193.120.112
                                                                  • 20.12.23.50
                                                                  https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3YffzGet hashmaliciousHTMLPhisherBrowse
                                                                  • 23.193.120.112
                                                                  • 20.12.23.50
                                                                  https://exploredrinks.comGet hashmaliciousUnknownBrowse
                                                                  • 23.193.120.112
                                                                  • 20.12.23.50
                                                                  JHqNlw9U8c.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                                                                  • 23.193.120.112
                                                                  • 20.12.23.50
                                                                  https://survey.zohopublic.eu/zs/GzDXvpGet hashmaliciousHTMLPhisherBrowse
                                                                  • 23.193.120.112
                                                                  • 20.12.23.50
                                                                  file.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                                                                  • 23.193.120.112
                                                                  • 20.12.23.50
                                                                  3b5074b1b5d032e5620f69f9f700ff0efile.exeGet hashmaliciousUnknownBrowse
                                                                  • 172.67.74.152
                                                                  Invoice.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                  • 172.67.74.152
                                                                  JHqNlw9U8c.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                                                                  • 172.67.74.152
                                                                  file.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                                                                  • 172.67.74.152
                                                                  PONO6188.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                  • 172.67.74.152
                                                                  Payment details.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 172.67.74.152
                                                                  Docs.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 172.67.74.152
                                                                  PO#50124.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 172.67.74.152
                                                                  Statement of Account PDF.bat.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                  • 172.67.74.152
                                                                  CHEMICAL SPECIFICATIONS.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 172.67.74.152
                                                                  No context
                                                                  Process:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):1216
                                                                  Entropy (8bit):5.34331486778365
                                                                  Encrypted:false
                                                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                  Malicious:false
                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                  Process:C:\Users\user\AppData\Roaming\CmxzrHBB.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):1216
                                                                  Entropy (8bit):5.34331486778365
                                                                  Encrypted:false
                                                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                  Malicious:false
                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                  Process:C:\Users\user\Desktop\Packing List PDF.bat.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):1216
                                                                  Entropy (8bit):5.34331486778365
                                                                  Encrypted:false
                                                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                  Malicious:false
                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):2232
                                                                  Entropy (8bit):5.379401388151058
                                                                  Encrypted:false
                                                                  SSDEEP:48:fWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMugeC/ZPUyus:fLHxvIIwLgZ2KRHWLOug8s
                                                                  MD5:AF15464AFD6EB7D301162A1DC8E01662
                                                                  SHA1:A974B8FEC71BF837B8E72FE43AB43E447FC43A86
                                                                  SHA-256:103A67F6744C098E5121D2D732753DFA4B54FA0EFD918FEC3941A3C052F5E211
                                                                  SHA-512:7B5B7B7F6EAE4544BAF61F9C02BF0138950E5D7D1B0457DE2FAB2C4C484220BDD1AB42D6884838E798AD46CE1B5B5426CEB825A1690B1190857D3B643ABFAB37
                                                                  Malicious:false
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                  Process:C:\Users\user\Desktop\Packing List PDF.bat.exe
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1581
                                                                  Entropy (8bit):5.105906804782666
                                                                  Encrypted:false
                                                                  SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNt2t0oxvn:cgergYrFdOFzOzN33ODOiDdKrsuTK0Iv
                                                                  MD5:B815A487438E9811FDF268A128FAAFFD
                                                                  SHA1:9D9C81893C58E576C4A283B1796BC0866E00B660
                                                                  SHA-256:567A354BF3424EE3C759D282524D6193E20D273929F96929EEBA0557B86BC8EB
                                                                  SHA-512:CBF497CB2775696AE094CD58DA45C64AD4C40E1BEA76762C6CBB0EEBA20CA7C2FDE3D8348E427F9851CDE9BB6C789B5A94BB03FFE5B20D8CDC800414E04AB75A
                                                                  Malicious:true
                                                                  Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                                                  Process:C:\Users\user\AppData\Roaming\CmxzrHBB.exe
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1581
                                                                  Entropy (8bit):5.105906804782666
                                                                  Encrypted:false
                                                                  SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNt2t0oxvn:cgergYrFdOFzOzN33ODOiDdKrsuTK0Iv
                                                                  MD5:B815A487438E9811FDF268A128FAAFFD
                                                                  SHA1:9D9C81893C58E576C4A283B1796BC0866E00B660
                                                                  SHA-256:567A354BF3424EE3C759D282524D6193E20D273929F96929EEBA0557B86BC8EB
                                                                  SHA-512:CBF497CB2775696AE094CD58DA45C64AD4C40E1BEA76762C6CBB0EEBA20CA7C2FDE3D8348E427F9851CDE9BB6C789B5A94BB03FFE5B20D8CDC800414E04AB75A
                                                                  Malicious:false
                                                                  Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                                                  Process:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                  File Type:XML 1.0 document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):1581
                                                                  Entropy (8bit):5.105906804782666
                                                                  Encrypted:false
                                                                  SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNt2t0oxvn:cgergYrFdOFzOzN33ODOiDdKrsuTK0Iv
                                                                  MD5:B815A487438E9811FDF268A128FAAFFD
                                                                  SHA1:9D9C81893C58E576C4A283B1796BC0866E00B660
                                                                  SHA-256:567A354BF3424EE3C759D282524D6193E20D273929F96929EEBA0557B86BC8EB
                                                                  SHA-512:CBF497CB2775696AE094CD58DA45C64AD4C40E1BEA76762C6CBB0EEBA20CA7C2FDE3D8348E427F9851CDE9BB6C789B5A94BB03FFE5B20D8CDC800414E04AB75A
                                                                  Malicious:false
                                                                  Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                                                  Process:C:\Users\user\Desktop\Packing List PDF.bat.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):841728
                                                                  Entropy (8bit):7.961250971443957
                                                                  Encrypted:false
                                                                  SSDEEP:12288:tEqnHvjNIrpf9rN/mc/CaBmIwsyaPSIir97G6NLOZCGKEgbjuPBB5uO12rq:txPjKr5BNDWVxcSIiRG6atlB5N
                                                                  MD5:5A12438B3B4C926C12A9376C7BF13426
                                                                  SHA1:C3185C6A5E5F07A5BEFBE4AF7131D05634F5D1A3
                                                                  SHA-256:1A794211DEAA0ECB6ABC6101D7C1BD61111B4DD2D895EE7ECF78FBF17F4C9AB3
                                                                  SHA-512:16C1E0E18EB8B3345B8B05443B782CB1DD35492AC986811C39F3CDCE8DFE85B003ABA029FFCA0E38AA33C951D0D08281825152B0E239471EAC3DE18AC67864D0
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: Avira, Detection: 100%
                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                  • Antivirus: ReversingLabs, Detection: 37%
                                                                  • Antivirus: Virustotal, Detection: 42%, Browse
                                                                  Process:C:\Users\user\Desktop\Packing List PDF.bat.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:modified
                                                                  Size (bytes):26
                                                                  Entropy (8bit):3.95006375643621
                                                                  Encrypted:false
                                                                  SSDEEP:3:ggPYV:rPYV
                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                  Malicious:true
                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                  Process:C:\Users\user\Desktop\Packing List PDF.bat.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):26
                                                                  Entropy (8bit):3.95006375643621
                                                                  Encrypted:false
                                                                  SSDEEP:3:ggPYV:rPYV
                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                  Malicious:false
                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:45:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                  Category:dropped
                                                                  Size (bytes):2677
                                                                  Entropy (8bit):3.974363580608902
                                                                  Encrypted:false
                                                                  SSDEEP:48:8OtdboT7sggWHVidAKZdA19ehwiZUklqehBy+3:8OsXgsKy
                                                                  MD5:956635169A764D48FAA56223E8EC3120
                                                                  SHA1:EB5C9048CE24334CD5A8D2C074D7AEE405F9A227
                                                                  SHA-256:03F57A6CB3738B6C560B7331F6021302B98293335E0566330899F344E160BC85
                                                                  SHA-512:07C48EB6669968133862FCDC3080E0DA7ECEB17B45B81927344C9A8DAC2DA4F77F52E018F9192D590D47A0D82773D27A040B467DB401ADD45F2044E87A989320
                                                                  Malicious:false
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:45:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                  Category:dropped
                                                                  Size (bytes):2679
                                                                  Entropy (8bit):3.9893614080980395
                                                                  Encrypted:false
                                                                  SSDEEP:48:8btdboT7sggWHVidAKZdA1weh/iZUkAQkqeh6y+2:8bsXge9Qzy
                                                                  MD5:FB11AB6FCF42FC5742244B966D828DCE
                                                                  SHA1:BEC581EC6BC4B813BBF64718547628671C0F66F4
                                                                  SHA-256:846B0B3DB7637B9DDB005CE6072043EB37DB9414C87B75CCC2FC85891CC2BD04
                                                                  SHA-512:962103352777001F0CA28341F6D6593CC5D76523919BEA92BE2878AE234EE45C08E15487F0498901D33488E7C25FE8C5D6790687D312326733D87C9073FA6F9A
                                                                  Malicious:false
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                  Category:dropped
                                                                  Size (bytes):2693
                                                                  Entropy (8bit):3.9982421626716387
                                                                  Encrypted:false
                                                                  SSDEEP:48:8xJdboT7sgsHVidAKZdA14tseh7sFiZUkmgqeh7sEy+BX:8x4X8nmy
                                                                  MD5:2817968C3E70B8BD2524F54E757D6F75
                                                                  SHA1:CCC8E7743415B55DDBE261994D8570B1FDC80388
                                                                  SHA-256:70BB99185DDC88D67C6FDAC10165CBF9EA8FC5BA373032526A6675CD0AD3377A
                                                                  SHA-512:DCA17037E58B7AAD5BB9B1BC18EB5B312084431C5BB52930394F00E7088C0A56B82A789B464E1D96FC2B70429D9DA37B3F8AAAC790A14EAB8062EA0BDED2535E
                                                                  Malicious:false
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:45:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                  Category:dropped
                                                                  Size (bytes):2681
                                                                  Entropy (8bit):3.988759639617585
                                                                  Encrypted:false
                                                                  SSDEEP:48:8LtdboT7sggWHVidAKZdA1vehDiZUkwqehOy+R:8LsXgFMy
                                                                  MD5:424DC5833DBFE82A4087439662CA2E84
                                                                  SHA1:8BC2737DEF133B4ADF7B558E1601CF82B1CE6D74
                                                                  SHA-256:DCEAFA38D03FFC5FBCDD763A27C7D1282265A563B1AE983943C26CC16FEF8C22
                                                                  SHA-512:BAD1A0AEB1C82243A2DEDE7C66434BBACDB04264960E1BAC0637A4BB5834DF9390A487E886ECE8E2E1D28076D40F5F786627F24A7592B0740411F292090B455B
                                                                  Malicious:false
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:45:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                  Category:dropped
                                                                  Size (bytes):2681
                                                                  Entropy (8bit):3.974604775450345
                                                                  Encrypted:false
                                                                  SSDEEP:48:8OvtdboT7sggWHVidAKZdA1hehBiZUk1W1qehQy+C:8AsXgV9wy
                                                                  MD5:41D52961B9E4984B3FFD09A4A2F7D7AB
                                                                  SHA1:1F470379A5DB985A5D132EF131C051C5038C656A
                                                                  SHA-256:757F82D9C722DA7DAAD21E3652127108946B90490726B140A772877D76B8E98F
                                                                  SHA-512:EB5DE24D602322CDC6465D38A46FC02B649C7244D3274794918C2ECD28EB8BC475490014DF1ABE31D8CCF683917B872F3FDA971DF923D3C696A2C12179EFE0FD
                                                                  Malicious:false
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:45:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                  Category:dropped
                                                                  Size (bytes):2683
                                                                  Entropy (8bit):3.9857196755480135
                                                                  Encrypted:false
                                                                  SSDEEP:48:8TtdboT7sggWHVidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbmy+yT+:8TsXgpT/TbxWOvTbmy7T
                                                                  MD5:159B60B5EDD437386DD77701C5BF61C2
                                                                  SHA1:74B55A1049ADC4513C17242077679DEC39A6FE22
                                                                  SHA-256:D7692B94E6EC8977128158CA14F1DFDBBBB175A2ED824E04BA9702CF82338612
                                                                  SHA-512:A7F876B6E76E0E6ACFEAB001283766FD31A17BB222488595E9C024AF70CDEB67B6B0A40FC9B7C8B0E3AF2CEC236D62D20955EA663268AB3B3561322621F893BC
                                                                  Malicious:false
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:ASCII text, with very long lines (777)
                                                                  Category:downloaded
                                                                  Size (bytes):782
                                                                  Entropy (8bit):5.11692308368157
                                                                  Encrypted:false
                                                                  SSDEEP:24:9gQ4O0VjUYZzQBHslgT9lCuABuyluF7HHHHeHYqmffffffo:963QKlgZ01BuouFvqmffffffo
                                                                  MD5:2729D0200520AAE75E160724B9CB530A
                                                                  SHA1:D9BB4EDE9CE1C21A5D9F8CECDB9FA836DA6AF5B4
                                                                  SHA-256:31AED364C26CC155D3E165E881055CE4F2B09DD2968D34E193C294C503E6FA47
                                                                  SHA-512:52227C5B360994C7BDB77D91E3017BB4F81D784715FAA360F8606B075498511108F01248DD4926B860237B4E130CCE78EA51BFAA87DE620505E4BD5B83F6E400
                                                                  Malicious:false
                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                  Preview:)]}'.["",["nba awards announcement dates 2024","age cap spotify","apple iphone 16 pro max","cleveland browns nfl draft","latin american music awards","manor lords release time","columbia student protests","clear california airports"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1254,1253,1252,1251,1250,601,600,550],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362,10],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Entropy (8bit):7.961250971443957
                                                                  TrID:
                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                  • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                  • Windows Screen Saver (13104/52) 0.07%
                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                  File name:Packing List PDF.bat.exe
                                                                  File size:841'728 bytes
                                                                  MD5:5a12438b3b4c926c12a9376c7bf13426
                                                                  SHA1:c3185c6a5e5f07a5befbe4af7131d05634f5d1a3
                                                                  SHA256:1a794211deaa0ecb6abc6101d7c1bd61111b4dd2d895ee7ecf78fbf17f4c9ab3
                                                                  SHA512:16c1e0e18eb8b3345b8b05443b782cb1dd35492ac986811c39f3cdce8dfe85b003aba029ffca0e38aa33c951d0d08281825152b0e239471eac3de18ac67864d0
                                                                  SSDEEP:12288:tEqnHvjNIrpf9rN/mc/CaBmIwsyaPSIir97G6NLOZCGKEgbjuPBB5uO12rq:txPjKr5BNDWVxcSIiRG6atlB5N
                                                                  TLSH:1B052379B3F4D657C17256FD08ACA1659BF5210A3960E2C94DE0208FAEF1F40EB22B57
                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....+f..............0......4........... ........@.. .......................@............@................................
                                                                  Icon Hash:49598b8999894929
                                                                  Entrypoint:0x4cc08e
                                                                  Entrypoint Section:.text
                                                                  Digitally signed:false
                                                                  Imagebase:0x400000
                                                                  Subsystem:windows gui
                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                  Time Stamp:0x662B1FDA [Fri Apr 26 03:30:34 2024 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:4
                                                                  OS Version Minor:0
                                                                  File Version Major:4
                                                                  File Version Minor:0
                                                                  Subsystem Version Major:4
                                                                  Subsystem Version Minor:0
                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                  Instruction
                                                                  jmp dword ptr [00402000h]
                                                                  cmp byte ptr [edi+38h], cl
                                                                  pop edx
                                                                  xor eax, 50374856h
                                                                  xor al, 00h
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [ecx+42h], al
                                                                  cmp byte ptr [esp+esi+51h], dl
                                                                  cmp byte ptr [ecx+4Fh], dl
                                                                  inc esp
                                                                  push ebp
                                                                  inc ebp
                                                                  Name | Virtual Address | Virtual Size | Is in Section
                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcc03c | 0x4f | .text
                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xce000 | 0x311c | .rsrc
                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd2000 | 0xc | .reloc
                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                  .text | 0x2000 | 0xca0b4 | 0xca200 | c4235dfbc7337906ba501b4afc8d6559 | False | 0.9419667014533086 | data | 7.966229540077175 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                  .rsrc | 0xce000 | 0x311c | 0x3200 | b916bd942815ee9ffff9c00e8a147b3f | False | 0.90890625 | data | 7.686332678556782 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                  .reloc | 0xd2000 | 0xc | 0x200 | 74fbb5d1214fc5f0dfc95ecf5bd2bc9d | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                  RT_ICON | 0xce0c8 | 0x2d07 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9655591220612475
                                                                  RT_GROUP_ICON | 0xd0de0 | 0x14 | data | | | 1.05
                                                                  RT_VERSION | 0xd0e04 | 0x314 | data | | | 0.4530456852791878
                                                                  DLL | Import
                                                                  mscoree.dll | _CorExeMain
                                                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                  Apr 26, 2024 14:45:00.911869049 CEST49707443192.168.2.5172.67.74.152
                                                                  Apr 26, 2024 14:45:00.912451029 CEST44349716142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:00.912535906 CEST49716443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:00.912779093 CEST49716443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:00.912858009 CEST44349716142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:00.912873983 CEST49716443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:00.937784910 CEST49708443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:00.937789917 CEST49714443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:00.937793970 CEST44349708142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:00.937798977 CEST44349714142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:00.952145100 CEST44349717142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:00.956130028 CEST44349716142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:00.973015070 CEST49719443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:00.973043919 CEST4434971923.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:00.973275900 CEST49719443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:00.975030899 CEST49719443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:00.975042105 CEST4434971923.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:01.008169889 CEST49716443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.008227110 CEST44349716142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.095877886 CEST44349718142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.116151094 CEST44349717142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.117120028 CEST49717443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.120659113 CEST49718443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.120697021 CEST44349718142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.124640942 CEST44349718142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.124722004 CEST49718443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.131233931 CEST49708443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.131258011 CEST49714443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.147350073 CEST49718443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.147664070 CEST44349718142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.200949907 CEST44349714142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.200997114 CEST44349714142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.201101065 CEST49714443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.201116085 CEST44349714142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.204133987 CEST44349714142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.204212904 CEST49714443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.207458973 CEST49716443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.207462072 CEST49718443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.207484007 CEST44349718142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.255136013 CEST4434971923.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:01.255203962 CEST49719443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:01.310559988 CEST49718443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.339865923 CEST49719443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:01.339881897 CEST4434971923.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:01.340917110 CEST4434971923.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:01.375844002 CEST49708443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.376024008 CEST44349708142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.376116037 CEST49708443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.376458883 CEST4434970323.1.237.91192.168.2.5
                                                                  Apr 26, 2024 14:45:01.376547098 CEST49703443192.168.2.523.1.237.91
                                                                  Apr 26, 2024 14:45:01.411933899 CEST49714443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.411957979 CEST44349714142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.464144945 CEST49719443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:01.508164883 CEST4434971923.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:01.531167030 CEST44349717142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.531244040 CEST49717443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.531295061 CEST44349717142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.531372070 CEST44349717142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.531436920 CEST49717443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.581713915 CEST49717443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.581759930 CEST44349717142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.584081888 CEST49718443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.585836887 CEST44349716142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.585905075 CEST49716443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.585985899 CEST44349716142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.586153030 CEST44349716142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.586339951 CEST49716443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.586339951 CEST49716443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.586374998 CEST44349716142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.586432934 CEST49716443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.586432934 CEST49716443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.592025042 CEST4434971923.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:01.592202902 CEST4434971923.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:01.592247009 CEST49719443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:01.613430023 CEST49720443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.613459110 CEST44349720142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.613831997 CEST49720443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.614072084 CEST49720443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.614084005 CEST44349720142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.621552944 CEST49719443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:01.621561050 CEST4434971923.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:01.621572971 CEST49719443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:01.621577024 CEST4434971923.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:01.628139019 CEST44349718142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.713483095 CEST49721443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:01.713579893 CEST4434972123.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:01.713661909 CEST49721443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:01.713923931 CEST49721443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:01.713948011 CEST4434972123.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:01.906404972 CEST44349718142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.906478882 CEST44349718142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.906564951 CEST44349718142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.906564951 CEST49718443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.906636000 CEST44349718142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.906733036 CEST44349718142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:01.906778097 CEST49718443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.906806946 CEST49718443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.909168959 CEST49718443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:01.909199953 CEST44349718142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:02.000564098 CEST4434972123.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:02.000684023 CEST49721443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:02.003285885 CEST49721443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:02.003314018 CEST4434972123.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:02.003663063 CEST4434972123.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:02.004834890 CEST49721443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:02.022150993 CEST44349720142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:02.027746916 CEST49720443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:02.027759075 CEST44349720142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:02.028361082 CEST44349720142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:02.031743050 CEST49720443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:02.031835079 CEST44349720142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:02.031908989 CEST49720443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:02.052118063 CEST4434972123.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:02.066957951 CEST49722587192.168.2.550.87.195.61
                                                                  Apr 26, 2024 14:45:02.076119900 CEST44349720142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:02.200615883 CEST49720443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:02.250987053 CEST4434972123.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:02.251072884 CEST4434972123.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:02.251131058 CEST49721443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:02.254873991 CEST49721443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:02.254895926 CEST4434972123.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:02.254914045 CEST49721443192.168.2.523.193.120.112
                                                                  Apr 26, 2024 14:45:02.254921913 CEST4434972123.193.120.112192.168.2.5
                                                                  Apr 26, 2024 14:45:02.411514044 CEST44349720142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:02.411571026 CEST44349720142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:02.411638021 CEST44349720142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:02.411674023 CEST49720443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:02.411689997 CEST44349720142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:02.411731958 CEST44349720142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:02.411737919 CEST49720443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:02.411865950 CEST49720443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:02.412615061 CEST49720443192.168.2.5142.250.217.228
                                                                  Apr 26, 2024 14:45:02.412630081 CEST44349720142.250.217.228192.168.2.5
                                                                  Apr 26, 2024 14:45:03.201545000 CEST49722587192.168.2.550.87.195.61
                                                                  Apr 26, 2024 14:45:05.226758003 CEST49722587192.168.2.550.87.195.61
                                                                  Apr 26, 2024 14:45:09.310674906 CEST49722587192.168.2.550.87.195.61
                                                                  Apr 26, 2024 14:45:10.396135092 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:10.396183014 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:10.396260977 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:10.401791096 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:10.401820898 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:10.878706932 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:10.878796101 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:10.881115913 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:10.881134987 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:10.881397963 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:10.956007004 CEST49725443192.168.2.5172.67.74.152
                                                                  Apr 26, 2024 14:45:10.956053019 CEST44349725172.67.74.152192.168.2.5
                                                                  Apr 26, 2024 14:45:10.956157923 CEST49725443192.168.2.5172.67.74.152
                                                                  Apr 26, 2024 14:45:10.962021112 CEST49725443192.168.2.5172.67.74.152
                                                                  Apr 26, 2024 14:45:10.962033987 CEST44349725172.67.74.152192.168.2.5
                                                                  Apr 26, 2024 14:45:11.029572010 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:11.219139099 CEST44349725172.67.74.152192.168.2.5
                                                                  Apr 26, 2024 14:45:11.219223976 CEST49725443192.168.2.5172.67.74.152
                                                                  Apr 26, 2024 14:45:11.220545053 CEST49725443192.168.2.5172.67.74.152
                                                                  Apr 26, 2024 14:45:11.220558882 CEST44349725172.67.74.152192.168.2.5
                                                                  Apr 26, 2024 14:45:11.220772028 CEST44349725172.67.74.152192.168.2.5
                                                                  Apr 26, 2024 14:45:11.276537895 CEST49725443192.168.2.5172.67.74.152
                                                                  Apr 26, 2024 14:45:11.320123911 CEST44349725172.67.74.152192.168.2.5
                                                                  Apr 26, 2024 14:45:11.391984940 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:11.436125040 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:11.560441971 CEST44349725172.67.74.152192.168.2.5
                                                                  Apr 26, 2024 14:45:11.560511112 CEST44349725172.67.74.152192.168.2.5
                                                                  Apr 26, 2024 14:45:11.560734034 CEST49725443192.168.2.5172.67.74.152
                                                                  Apr 26, 2024 14:45:11.564340115 CEST49725443192.168.2.5172.67.74.152
                                                                  Apr 26, 2024 14:45:11.699697018 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:11.699723005 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:11.699728966 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:11.699841976 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:11.699877024 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:11.699897051 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:11.699908018 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:11.699930906 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:11.699943066 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:11.699989080 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:11.700282097 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:11.700288057 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:11.700309992 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:11.700324059 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:11.700354099 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:11.700357914 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:11.700371027 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:11.700428009 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:13.242748022 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:13.242821932 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:13.242860079 CEST49724443192.168.2.520.12.23.50
                                                                  Apr 26, 2024 14:45:13.242878914 CEST4434972420.12.23.50192.168.2.5
                                                                  Apr 26, 2024 14:45:14.501717091 CEST49732587192.168.2.550.87.195.61
                                                                  Apr 26, 2024 14:45:14.516367912 CEST49703443192.168.2.523.1.237.91
                                                                  Apr 26, 2024 14:45:14.516450882 CEST49703443192.168.2.523.1.237.91
                                                                  Apr 26, 2024 14:45:14.529455900 CEST49733443192.168.2.523.1.237.91
                                                                  Apr 26, 2024 14:45:14.529489994 CEST4434973323.1.237.91192.168.2.5
                                                                  Apr 26, 2024 14:45:14.529553890 CEST49733443192.168.2.523.1.237.91
                                                                  Apr 26, 2024 14:45:14.541256905 CEST49733443192.168.2.523.1.237.91
                                                                  Apr 26, 2024 14:45:14.541276932 CEST4434973323.1.237.91192.168.2.5
                                                                  Apr 26, 2024 14:45:14.713884115 CEST4434970323.1.237.91192.168.2.5
                                                                  Apr 26, 2024 14:45:14.713905096 CEST4434970323.1.237.91192.168.2.5
                                                                  Apr 26, 2024 14:45:14.945559978 CEST4434973323.1.237.91192.168.2.5
                                                                  Apr 26, 2024 14:45:14.945630074 CEST49733443192.168.2.523.1.237.91
                                                                  Apr 26, 2024 14:45:15.123785973 CEST49733443192.168.2.523.1.237.91
                                                                  Apr 26, 2024 14:45:15.123811960 CEST4434973323.1.237.91192.168.2.5
                                                                  Apr 26, 2024 14:45:15.124176979 CEST4434973323.1.237.91192.168.2.5
                                                                  Apr 26, 2024 14:45:15.124267101 CEST49733443192.168.2.523.1.237.91
                                                                  Apr 26, 2024 14:45:15.130934954 CEST49733443192.168.2.523.1.237.91
                                                                  Apr 26, 2024 14:45:15.130965948 CEST4434973323.1.237.91192.168.2.5
                                                                  Apr 26, 2024 14:45:15.131084919 CEST49733443192.168.2.523.1.237.91
                                                                  Apr 26, 2024 14:45:15.131093979 CEST4434973323.1.237.91192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 26, 2024 14:44:57.557789087 CEST | 192.168.2.5 | 1.1.1.1 | 0x5c8 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Apr 26, 2024 14:44:58.133982897 CEST | 192.168.2.5 | 1.1.1.1 | 0x35a6 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Apr 26, 2024 14:44:58.134268045 CEST | 192.168.2.5 | 1.1.1.1 | 0x1c17 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Apr 26, 2024 14:45:01.863120079 CEST | 192.168.2.5 | 1.1.1.1 | 0xb4cd | Standard query (0) | mail.fascia-arch.com | A (IP address) | IN (0x0001) | false
                                                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                  Apr 26, 2024 14:44:57.682739973 CEST | 1.1.1.1 | 192.168.2.5 | 0x5c8 | No error (0) | api.ipify.org |  | 172.67.74.152 | A (IP address) | IN (0x0001) | false
                                                                  Apr 26, 2024 14:44:57.682739973 CEST | 1.1.1.1 | 192.168.2.5 | 0x5c8 | No error (0) | api.ipify.org |  | 104.26.12.205 | A (IP address) | IN (0x0001) | false
                                                                  Apr 26, 2024 14:44:57.682739973 CEST | 1.1.1.1 | 192.168.2.5 | 0x5c8 | No error (0) | api.ipify.org |  | 104.26.13.205 | A (IP address) | IN (0x0001) | false
                                                                  Apr 26, 2024 14:44:58.259588957 CEST | 1.1.1.1 | 192.168.2.5 | 0x1c17 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                                                                  Apr 26, 2024 14:44:58.260133028 CEST | 1.1.1.1 | 192.168.2.5 | 0x35a6 | No error (0) | www.google.com |  | 142.250.217.228 | A (IP address) | IN (0x0001) | false
                                                                  Apr 26, 2024 14:45:02.066370964 CEST | 1.1.1.1 | 192.168.2.5 | 0xb4cd | No error (0) | mail.fascia-arch.com |  | 50.87.195.61 | A (IP address) | IN (0x0001) | false
                                                                  • api.ipify.org
                                                                  • www.google.com
                                                                  • fs.microsoft.com
                                                                  • slscr.update.microsoft.com
                                                                  • https:
                                                                    • www.bing.com
                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  0 | 192.168.2.5 | 49707 | 172.67.74.152 | 443 | 7348 | C:\Users\user\Desktop\Packing List PDF.bat.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:00 UTC | 155 | OUT | GET / HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                                  Host: api.ipify.org
                                                                  Connection: Keep-Alive
                                                                  2024-04-26 12:45:00 UTC | 211 | IN | HTTP/1.1 200 OK
                                                                  Date: Fri, 26 Apr 2024 12:45:00 GMT
                                                                  Content-Type: text/plain
                                                                  Content-Length: 15
                                                                  Connection: close
                                                                  Vary: Origin
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Server: cloudflare
                                                                  CF-RAY: 87a6aae009888dc6-MIA
                                                                  2024-04-26 12:45:00 UTC | 15 | IN | Data Ascii: 102.129.152.220


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  1 | 192.168.2.5 | 49714 | 142.250.217.228 | 443 | 7684 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:00 UTC | 615 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                  Host: www.google.com
                                                                  Connection: keep-alive
                                                                  X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                                  Sec-Fetch-Site: none
                                                                  Sec-Fetch-Mode: no-cors
                                                                  Sec-Fetch-Dest: empty
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  2024-04-26 12:45:01 UTC | 1703 | IN | HTTP/1.1 200 OK
                                                                  Date: Fri, 26 Apr 2024 12:45:01 GMT
                                                                  Pragma: no-cache
                                                                  Expires: -1
                                                                  Cache-Control: no-cache, must-revalidate
                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-kT8FigHfqaXEPgESPyMp4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                  Accept-CH: Sec-CH-UA-Model
                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                  Permissions-Policy: unload=()
                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                  Server: gws
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Accept-Ranges: none
                                                                  Vary: Accept-Encoding
                                                                  Connection: close
                                                                  Transfer-Encoding: chunked
                                                                  2024-04-26 12:45:01 UTC | 789 | IN | Data Ascii: 30e)]}'["",["nba awards announcement dates 2024","age cap spotify","apple iphone 16 pro max","cleveland browns nfl draft","latin american music awards","manor lords release time","columbia student protests","clear california airports"],["","","","","",
                                                                  2024-04-26 12:45:01 UTC | 5 | IN | Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  2 | 192.168.2.5 | 49708 | 142.250.217.228 | 443 | 7684 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:00 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                  Host: www.google.com
                                                                  Connection: keep-alive
                                                                  Sec-Fetch-Site: none
                                                                  Sec-Fetch-Mode: no-cors
                                                                  Sec-Fetch-Dest: empty
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  3 | 192.168.2.5 | 49717 | 142.250.217.228 | 443 | 7684 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:00 UTC | 518 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                  Host: www.google.com
                                                                  Connection: keep-alive
                                                                  X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                                  Sec-Fetch-Site: cross-site
                                                                  Sec-Fetch-Mode: no-cors
                                                                  Sec-Fetch-Dest: empty
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  2024-04-26 12:45:01 UTC | 1843 | IN | HTTP/1.1 302 Found
                                                                  Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGM3DrrEGIjDy4V0_H3Yjc85slo8hhBKKQ10ZDiDsFUznR22jXujdUr7c3uzDt_B_DWQMzTa2E2wyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                  x-hallmonitor-challenge: CgwIzcOusQYQt8XNygESBGaBmNw
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                  Permissions-Policy: unload=()
                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                  Date: Fri, 26 Apr 2024 12:45:01 GMT
                                                                  Server: gws
                                                                  Content-Length: 458
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Set-Cookie: 1P_JAR=2024-04-26-12; expires=Sun, 26-May-2024 12:45:01 GMT; path=/; domain=.google.com; Secure; SameSite=none
                                                                  Set-Cookie: NID=513=XLUDzZxOMdVXuOYMhfAbe4bdNk2K2exdFpQnpeTHF3w8Et9_s1MhyGgtvcuJ2SIWE4aCCH9ABgYjTnt--4H-3euCr8x1eBR6pjMAnllj44KLfAs4Jo62xCigsfCuoJSLXRPe-ZXMqCdhpSRtXvo2NPXQbhphJ3GVLSPGf28pqf4; expires=Sat, 26-Oct-2024 12:45:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close
                                                                  2024-04-26 12:45:01 UTC | 458 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  4 | 192.168.2.5 | 49716 | 142.250.217.228 | 443 | 7684 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:00 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                  Host: www.google.com
                                                                  Connection: keep-alive
                                                                  Sec-Fetch-Site: cross-site
                                                                  Sec-Fetch-Mode: no-cors
                                                                  Sec-Fetch-Dest: empty
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  2024-04-26 12:45:01 UTC | 1761 | IN | HTTP/1.1 302 Found
                                                                  Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGM3DrrEGIjCh-Z92sb0-vV99vzjR5lAr82DSiquRDqbOuOzSa8pK8DSxKaDTVvY45j6P2ULr1Z8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                  x-hallmonitor-challenge: CgwIzcOusQYQjIum5AESBGaBmNw
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                  Permissions-Policy: unload=()
                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                  Date: Fri, 26 Apr 2024 12:45:01 GMT
                                                                  Server: gws
                                                                  Content-Length: 417
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Set-Cookie: 1P_JAR=2024-04-26-12; expires=Sun, 26-May-2024 12:45:01 GMT; path=/; domain=.google.com; Secure; SameSite=none
                                                                  Set-Cookie: NID=513=mMwiw4i0Kg58TTLAfuzRFCNDrdt6qwnOhwTNm1zMsMCP1dGlXLmTa0kzpQcLyF6P50Sf94ZabynScJyuWhwCFMWTpg495oU_fLCrOIoAsVde5D2-m59sw9uOxHKSpJ_FTS1F9OwvnS04IYxy_P3JBoIuP5uc4RIsbcr8pbEEr-U; expires=Sat, 26-Oct-2024 12:45:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close
                                                                  2024-04-26 12:45:01 UTC | 417 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  5 | 192.168.2.5 | 49719 | 23.193.120.112 | 443 |  | 
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:01 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                  Connection: Keep-Alive
                                                                  Accept: */*
                                                                  Accept-Encoding: identity
                                                                  User-Agent: Microsoft BITS/7.8
                                                                  Host: fs.microsoft.com
                                                                  2024-04-26 12:45:01 UTC | 466 | IN | HTTP/1.1 200 OK
                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                  Content-Type: application/octet-stream
                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                  Server: ECAcc (chd/0712)
                                                                  X-CID: 11
                                                                  X-Ms-ApiVersion: Distribute 1.2
                                                                  X-Ms-Region: prod-eus-z1
                                                                  Cache-Control: public, max-age=65971
                                                                  Date: Fri, 26 Apr 2024 12:45:01 GMT
                                                                  Connection: close
                                                                  X-CID: 2


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  6 | 192.168.2.5 | 49718 | 142.250.217.228 | 443 | 7684 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:01 UTC | 920 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGM3DrrEGIjDy4V0_H3Yjc85slo8hhBKKQ10ZDiDsFUznR22jXujdUr7c3uzDt_B_DWQMzTa2E2wyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                  Host: www.google.com
                                                                  Connection: keep-alive
                                                                  X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                                  Sec-Fetch-Site: cross-site
                                                                  Sec-Fetch-Mode: no-cors
                                                                  Sec-Fetch-Dest: empty
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Cookie: 1P_JAR=2024-04-26-12; NID=513=XLUDzZxOMdVXuOYMhfAbe4bdNk2K2exdFpQnpeTHF3w8Et9_s1MhyGgtvcuJ2SIWE4aCCH9ABgYjTnt--4H-3euCr8x1eBR6pjMAnllj44KLfAs4Jo62xCigsfCuoJSLXRPe-ZXMqCdhpSRtXvo2NPXQbhphJ3GVLSPGf28pqf4
                                                                  2024-04-26 12:45:01 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                                                                  Date: Fri, 26 Apr 2024 12:45:01 GMT
                                                                  Pragma: no-cache
                                                                  Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                  Content-Type: text/html
                                                                  Server: HTTP server (unknown)
                                                                  Content-Length: 3186
                                                                  X-XSS-Protection: 0
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close
                                                                  2024-04-26 12:45:01 UTC | 899 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&amp;asy
                                                                  2024-04-26 12:45:01 UTC | 1255 | IN | Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="jyf7ymAXm
                                                                  2024-04-26 12:45:01 UTC | 1032 | IN | Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  7 | 192.168.2.5 | 49721 | 23.193.120.112 | 443
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:02 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                  Connection: Keep-Alive
                                                                  Accept: */*
                                                                  Accept-Encoding: identity
                                                                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                  Range: bytes=0-2147483646
                                                                  User-Agent: Microsoft BITS/7.8
                                                                  Host: fs.microsoft.com
                                                                  2024-04-26 12:45:02 UTC | 530 | IN | HTTP/1.1 200 OK
                                                                  Content-Type: application/octet-stream
                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                  ApiVersion: Distribute 1.1
                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                  X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                                                                  Cache-Control: public, max-age=65983
                                                                  Date: Fri, 26 Apr 2024 12:45:02 GMT
                                                                  Content-Length: 55
                                                                  Connection: close
                                                                  X-CID: 2
                                                                  2024-04-26 12:45:02 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  8 | 192.168.2.5 | 49720 | 142.250.217.228 | 443 | 7684 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:02 UTC | 738 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGM3DrrEGIjCh-Z92sb0-vV99vzjR5lAr82DSiquRDqbOuOzSa8pK8DSxKaDTVvY45j6P2ULr1Z8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                  Host: www.google.com
                                                                  Connection: keep-alive
                                                                  Sec-Fetch-Site: cross-site
                                                                  Sec-Fetch-Mode: no-cors
                                                                  Sec-Fetch-Dest: empty
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Cookie: 1P_JAR=2024-04-26-12; NID=513=mMwiw4i0Kg58TTLAfuzRFCNDrdt6qwnOhwTNm1zMsMCP1dGlXLmTa0kzpQcLyF6P50Sf94ZabynScJyuWhwCFMWTpg495oU_fLCrOIoAsVde5D2-m59sw9uOxHKSpJ_FTS1F9OwvnS04IYxy_P3JBoIuP5uc4RIsbcr8pbEEr-U
                                                                  2024-04-26 12:45:02 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                                                                  Date: Fri, 26 Apr 2024 12:45:02 GMT
                                                                  Pragma: no-cache
                                                                  Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                  Content-Type: text/html
                                                                  Server: HTTP server (unknown)
                                                                  Content-Length: 3114
                                                                  X-XSS-Protection: 0
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close
                                                                  2024-04-26 12:45:02 UTC | 899 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
                                                                  2024-04-26 12:45:02 UTC | 1255 | IN | Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="XkLjRpdn8QPc5M4e0Sx2uZJLGOVz9dnst
                                                                  2024-04-26 12:45:02 UTC | 960 | IN | Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  9 | 192.168.2.5 | 49725 | 172.67.74.152 | 443 | 7264 | C:\Users\user\AppData\Roaming\CmxzrHBB.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:11 UTC | 155 | OUT | GET / HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                                  Host: api.ipify.org
                                                                  Connection: Keep-Alive
                                                                  2024-04-26 12:45:11 UTC | 211 | IN | HTTP/1.1 200 OK
                                                                  Date: Fri, 26 Apr 2024 12:45:11 GMT
                                                                  Content-Type: text/plain
                                                                  Content-Length: 15
                                                                  Connection: close
                                                                  Vary: Origin
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Server: cloudflare
                                                                  CF-RAY: 87a6ab228ae667ce-MIA
                                                                  2024-04-26 12:45:11 UTC | 15 | IN | Data Ascii: 102.129.152.220


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  10 | 192.168.2.5 | 49724 | 20.12.23.50 | 443
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:11 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oECBsU8SvDWmGwB&MD=GeXZP6XL HTTP/1.1
                                                                  Connection: Keep-Alive
                                                                  Accept: */*
                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                  Host: slscr.update.microsoft.com
                                                                  2024-04-26 12:45:11 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                  Cache-Control: no-cache
                                                                  Pragma: no-cache
                                                                  Content-Type: application/octet-stream
                                                                  Expires: -1
                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                  ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                  MS-CorrelationId: 2ec5599f-e348-4c95-a534-0f1c561a7d79
                                                                  MS-RequestId: 7f139fc3-82ba-415d-94fe-4aa156674dd7
                                                                  MS-CV: pu73uqUwXkaVunhz.0
                                                                  X-Microsoft-SLSClientCache: 2880
                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                  X-Content-Type-Options: nosniff
                                                                  Date: Fri, 26 Apr 2024 12:45:10 GMT
                                                                  Connection: close
                                                                  Content-Length: 24490


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                  11 | 192.168.2.5 | 49733 | 23.1.237.91 | 443
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:15 UTC | 2148 | OUT | POST /threshold/xls.aspx HTTP/1.1
                                                                  Origin: https://www.bing.com
                                                                  Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                  Accept: */*
                                                                  Accept-Language: en-CH
                                                                  Content-type: text/xml
                                                                  X-Agent-DeviceId: 01000A410900D492
                                                                  X-BM-CBT: 1696428841
                                                                  X-BM-DateFormat: dd/MM/yyyy
                                                                  X-BM-DeviceDimensions: 784x984
                                                                  X-BM-DeviceDimensionsLogical: 784x984
                                                                  X-BM-DeviceScale: 100
                                                                  X-BM-DTZ: 120
                                                                  X-BM-Market: CH
                                                                  X-BM-Theme: 000000;0078d7
                                                                  X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                                  X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
                                                                  X-Device-isOptin: false
                                                                  X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                                  X-Device-OSSKU: 48
                                                                  X-Device-Touch: false
                                                                  X-DeviceID: 01000A410900D492
                                                                  X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
                                                                  X-MSEdge-ExternalExpType: JointCoord
                                                                  X-PositionerType: Desktop
                                                                  X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                                  X-Search-CortanaAvailableCapabilities: None
                                                                  X-Search-SafeSearch: Moderate
                                                                  X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                                                                  X-UserAgeClass: Unknown
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                  Host: www.bing.com
                                                                  Content-Length: 2484
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache
                                                                  Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714135479960&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
                                                                  2024-04-26 12:45:15 UTC | 1 | OUT | Data Ascii: <
                                                                  2024-04-26 12:45:15 UTC | 2483 | OUT | Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
                                                                  2024-04-26 12:45:15 UTC | 480 | IN | HTTP/1.1 204 No Content
                                                                  Access-Control-Allow-Origin: *
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  X-MSEdge-Ref: Ref A: 9484F3F487B1452D805036935283AA14 Ref B: LAX311000114029 Ref C: 2024-04-26T12:45:15Z
                                                                  Date: Fri, 26 Apr 2024 12:45:15 GMT
                                                                  Connection: close
                                                                  Alt-Svc: h3=":443"; ma=93600
                                                                  X-CDN-TraceID: 0.57ed0117.1714135515.1119ac3f


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  12 | 192.168.2.5 | 49734 | 172.67.74.152 | 443 | 6512 | C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:19 UTC | 155 | OUT | GET / HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                                  Host: api.ipify.org
                                                                  Connection: Keep-Alive
                                                                  2024-04-26 12:45:19 UTC | 211 | IN | HTTP/1.1 200 OK
                                                                  Date: Fri, 26 Apr 2024 12:45:19 GMT
                                                                  Content-Type: text/plain
                                                                  Content-Length: 15
                                                                  Connection: close
                                                                  Vary: Origin
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Server: cloudflare
                                                                  CF-RAY: 87a6ab53685425af-MIA
                                                                  2024-04-26 12:45:19 UTC | 15 | IN | Data Ascii: 102.129.152.220


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  13 | 192.168.2.5 | 49736 | 172.67.74.152 | 443 | 6616 | C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:27 UTC | 155 | OUT | GET / HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                                  Host: api.ipify.org
                                                                  Connection: Keep-Alive
                                                                  2024-04-26 12:45:28 UTC | 211 | IN | HTTP/1.1 200 OK
                                                                  Date: Fri, 26 Apr 2024 12:45:28 GMT
                                                                  Content-Type: text/plain
                                                                  Content-Length: 15
                                                                  Connection: close
                                                                  Vary: Origin
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Server: cloudflare
                                                                  CF-RAY: 87a6ab89eb42a4d0-MIA
                                                                  2024-04-26 12:45:28 UTC | 15 | IN | Data Ascii: 102.129.152.220


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  14 | 192.168.2.5 | 49738 | 20.12.23.50 | 443
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-04-26 12:45:52 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oECBsU8SvDWmGwB&MD=GeXZP6XL HTTP/1.1
                                                                  Connection: Keep-Alive
                                                                  Accept: */*
                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                  Host: slscr.update.microsoft.com
                                                                  2024-04-26 12:45:52 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                  Cache-Control: no-cache
                                                                  Pragma: no-cache
                                                                  Content-Type: application/octet-stream
                                                                  Expires: -1
                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                  ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                  MS-CorrelationId: fb587046-5c27-416b-9504-901b22de1819
                                                                  MS-RequestId: 54e44f49-fd95-4995-978d-270274722663
                                                                  MS-CV: LSDNQGGEI0ubqNgV.0
                                                                  X-Microsoft-SLSClientCache: 2160
                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                  X-Content-Type-Options: nosniff
                                                                  Date: Fri, 26 Apr 2024 12:45:51 GMT
                                                                  Connection: close
                                                                  Content-Length: 25457



                                                                  Target ID:0
                                                                  Start time:14:44:50
                                                                  Start date:26/04/2024
                                                                  Path:C:\Users\user\Desktop\Packing List PDF.bat.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\Desktop\Packing List PDF.bat.exe"
                                                                  Imagebase:0x3c0000
                                                                  File size:841'728 bytes
                                                                  MD5 hash:5A12438B3B4C926C12A9376C7BF13426
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2125109850.00000000052F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2101387752.00000000037A9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2101387752.00000000044FB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2101387752.00000000044FB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:3
                                                                  Start time:14:44:53
                                                                  Start date:26/04/2024
                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Packing List PDF.bat.exe"
                                                                  Imagebase:0xf80000
                                                                  File size:433'152 bytes
                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:4
                                                                  Start time:14:44:53
                                                                  Start date:26/04/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:5
                                                                  Start time:14:44:54
                                                                  Start date:26/04/2024
                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\CmxzrHBB.exe"
                                                                  Imagebase:0xf80000
                                                                  File size:433'152 bytes
                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:6
                                                                  Start time:14:44:54
                                                                  Start date:26/04/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:7
                                                                  Start time:14:44:54
                                                                  Start date:26/04/2024
                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp233A.tmp"
                                                                  Imagebase:0xdc0000
                                                                  File size:187'904 bytes
                                                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:8
                                                                  Start time:14:44:54
                                                                  Start date:26/04/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:9
                                                                  Start time:14:44:55
                                                                  Start date:26/04/2024
                                                                  Path:C:\Users\user\Desktop\Packing List PDF.bat.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\Desktop\Packing List PDF.bat.exe"
                                                                  Imagebase:0xc10000
                                                                  File size:841'728 bytes
                                                                  MD5 hash:5A12438B3B4C926C12A9376C7BF13426
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.4479652873.0000000002FFC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.4468382854.0000000000433000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.4468382854.0000000000433000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.4479652873.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.4479652873.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:low
                                                                  Has exited:false

                                                                  Target ID:10
                                                                  Start time:14:44:55
                                                                  Start date:26/04/2024
                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
                                                                  Imagebase:0x7ff715980000
                                                                  File size:3'242'272 bytes
                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Target ID:11
                                                                  Start time:14:44:56
                                                                  Start date:26/04/2024
                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1960,i,13115366367868831849,127431275682310398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                  Imagebase:0x7ff715980000
                                                                  File size:3'242'272 bytes
                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Target ID:12
                                                                  Start time:14:44:57
                                                                  Start date:26/04/2024
                                                                  Path:C:\Users\user\AppData\Roaming\CmxzrHBB.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Users\user\AppData\Roaming\CmxzrHBB.exe
                                                                  Imagebase:0xd60000
                                                                  File size:841'728 bytes
                                                                  MD5 hash:5A12438B3B4C926C12A9376C7BF13426
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.2227455760.0000000004BBE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.2227455760.0000000004BBE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  Antivirus matches:
                                                                  • Detection: 100%, Avira
                                                                  • Detection: 100%, Joe Sandbox ML
                                                                  • Detection: 37%, ReversingLabs
                                                                  • Detection: 42%, Virustotal, Browse
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:13
                                                                  Start time:14:45:01
                                                                  Start date:26/04/2024
                                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                  Imagebase:0x7ff6ef0c0000
                                                                  File size:496'640 bytes
                                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:15
                                                                  Start time:14:45:09
                                                                  Start date:26/04/2024
                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp5CD8.tmp"
                                                                  Imagebase:0xdc0000
                                                                  File size:187'904 bytes
                                                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:16
                                                                  Start time:14:45:09
                                                                  Start date:26/04/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:17
                                                                  Start time:14:45:09
                                                                  Start date:26/04/2024
                                                                  Path:C:\Users\user\AppData\Roaming\CmxzrHBB.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\AppData\Roaming\CmxzrHBB.exe"
                                                                  Imagebase:0xe50000
                                                                  File size:841'728 bytes
                                                                  MD5 hash:5A12438B3B4C926C12A9376C7BF13426
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000011.00000002.4479598758.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.4479598758.0000000003391000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000011.00000002.4479598758.0000000003391000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:low
                                                                  Has exited:false

                                                                  Target ID:19
                                                                  Start time:14:45:13
                                                                  Start date:26/04/2024
                                                                  Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                                  Imagebase:0xb10000
                                                                  File size:841'728 bytes
                                                                  MD5 hash:5A12438B3B4C926C12A9376C7BF13426
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Antivirus matches:
                                                                  • Detection: 100%, Avira
                                                                  • Detection: 100%, Joe Sandbox ML
                                                                  • Detection: 37%, ReversingLabs
                                                                  • Detection: 42%, Virustotal, Browse
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:20
                                                                  Start time:14:45:17
                                                                  Start date:26/04/2024
                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp7AA1.tmp"
                                                                  Imagebase:0xdc0000
                                                                  File size:187'904 bytes
                                                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:21
                                                                  Start time:14:45:17
                                                                  Start date:26/04/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:22
                                                                  Start time:14:45:17
                                                                  Start date:26/04/2024
                                                                  Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                                  Imagebase:0x80000
                                                                  File size:841'728 bytes
                                                                  MD5 hash:5A12438B3B4C926C12A9376C7BF13426
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:23
                                                                  Start time:14:45:17
                                                                  Start date:26/04/2024
                                                                  Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                                  Imagebase:0x980000
                                                                  File size:841'728 bytes
                                                                  MD5 hash:5A12438B3B4C926C12A9376C7BF13426
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000017.00000002.4480419660.0000000002EAC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000017.00000002.4480419660.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000017.00000002.4480419660.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  Has exited:false

                                                                  Target ID:24
                                                                  Start time:14:45:21
                                                                  Start date:26/04/2024
                                                                  Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                                  Imagebase:0x620000
                                                                  File size:841'728 bytes
                                                                  MD5 hash:5A12438B3B4C926C12A9376C7BF13426
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000002.2392274425.00000000047BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.2392274425.00000000047BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  Has exited:true

                                                                  Target ID:25
                                                                  Start time:14:45:25
                                                                  Start date:26/04/2024
                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CmxzrHBB" /XML "C:\Users\user\AppData\Local\Temp\tmp9D6B.tmp"
                                                                  Imagebase:0xdc0000
                                                                  File size:187'904 bytes
                                                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:26
                                                                  Start time:14:45:25
                                                                  Start date:26/04/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:27
                                                                  Start time:14:45:26
                                                                  Start date:26/04/2024
                                                                  Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                                  Imagebase:0xc60000
                                                                  File size:841'728 bytes
                                                                  MD5 hash:5A12438B3B4C926C12A9376C7BF13426
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001B.00000002.4479020236.0000000003101000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001B.00000002.4479020236.0000000003101000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001B.00000002.4479020236.000000000312C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  Has exited:false

                                                                    Execution Graph

                                                                    Execution Coverage:10.6%
                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:94
                                                                    Total number of Limit Nodes:6

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 296 e3d368-e3d407 GetCurrentProcess 301 e3d410-e3d444 GetCurrentThread 296->301 302 e3d409-e3d40f 296->302 303 e3d446-e3d44c 301->303 304 e3d44d-e3d481 GetCurrentProcess 301->304 302->301 303->304 305 e3d483-e3d489 304->305 306 e3d48a-e3d4a5 call e3d547 304->306 305->306 310 e3d4ab-e3d4da GetCurrentThreadId 306->310 311 e3d4e3-e3d545 310->311 312 e3d4dc-e3d4e2 310->312 312->311
                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32 ref: 00E3D3F6
                                                                    • GetCurrentThread.KERNEL32 ref: 00E3D433
                                                                    • GetCurrentProcess.KERNEL32 ref: 00E3D470
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00E3D4C9
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2095634543.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: Current$ProcessThread
                                                                    • String ID:
                                                                    • API String ID: 2063062207-0
                                                                    • Opcode ID: 6a6834de6a88ecbecc220690e001b2237f38e2b072ad60337f292751afe944c3
                                                                    • Instruction ID: 5e06c011302f28142c2133250c9faa1f970ab4f45d2b608278d58416837c3c22
                                                                    • Opcode Fuzzy Hash: 6a6834de6a88ecbecc220690e001b2237f38e2b072ad60337f292751afe944c3
                                                                    • Instruction Fuzzy Hash: A55168B09003498FDB14DFA9E948BAEBFF1EF89314F20C559E019A73A0D7746944CB66
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 319 e3d378-e3d407 GetCurrentProcess 323 e3d410-e3d444 GetCurrentThread 319->323 324 e3d409-e3d40f 319->324 325 e3d446-e3d44c 323->325 326 e3d44d-e3d481 GetCurrentProcess 323->326 324->323 325->326 327 e3d483-e3d489 326->327 328 e3d48a-e3d4a5 call e3d547 326->328 327->328 332 e3d4ab-e3d4da GetCurrentThreadId 328->332 333 e3d4e3-e3d545 332->333 334 e3d4dc-e3d4e2 332->334 334->333
                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32 ref: 00E3D3F6
                                                                    • GetCurrentThread.KERNEL32 ref: 00E3D433
                                                                    • GetCurrentProcess.KERNEL32 ref: 00E3D470
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00E3D4C9
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2095634543.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: Current$ProcessThread
                                                                    • String ID:
                                                                    • API String ID: 2063062207-0
                                                                    • Opcode ID: a3515355ef16c8db22c27c22e2a95391242994d7c25cb6408ba9f8c0669e89c9
                                                                    • Instruction ID: 703a60e2b72a93959bb731ce1172e990d080bd544c84e0ca21102ba32a4c6c8a
                                                                    • Opcode Fuzzy Hash: a3515355ef16c8db22c27c22e2a95391242994d7c25cb6408ba9f8c0669e89c9
                                                                    • Instruction Fuzzy Hash: 735146B09002498FDB14DFAAD948BAEBBF5EF89314F20C459E019B7360D774A944CB66
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 364 4d34fa8-4d3500a call 4d34324 370 4d35070-4d3509c 364->370 371 4d3500c-4d3500e 364->371 372 4d350a3-4d350ab 370->372 371->372 373 4d35014-4d35020 371->373 378 4d350b2-4d351ed 372->378 373->378 379 4d35026-4d35061 call 4d34330 373->379 397 4d351f3-4d35201 378->397 389 4d35066-4d3506f 379->389 398 4d35203-4d35209 397->398 399 4d3520a-4d35250 397->399 398->399 404 4d35252-4d35255 399->404 405 4d3525d 399->405 404->405 406 4d3525e 405->406 406->406
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Haq$Haq
                                                                    • API String ID: 0-4016896955
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $
                                                                    • API String ID: 0-227171996
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $
                                                                    • API String ID: 0-227171996
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 00E3AF3E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2095634543.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: HandleModule
                                                                    • String ID:
                                                                    • API String ID: 4139908857-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2095634543.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateActCtxA.KERNEL32(?), ref: 00E359A9
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2095634543.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: Create
                                                                    • String ID:
                                                                    • API String ID: 2289755597-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateActCtxA.KERNEL32(?), ref: 00E359A9
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2095634543.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: Create
                                                                    • String ID:
                                                                    • API String ID: 2289755597-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E3D647
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2095634543.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: DuplicateHandle
                                                                    • String ID:
                                                                    • API String ID: 3793708945-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E3D647
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2095634543.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: DuplicateHandle
                                                                    • String ID:
                                                                    • API String ID: 3793708945-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E3AFB9,00000800,00000000,00000000), ref: 00E3B1CA
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2095634543.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E3AFB9,00000800,00000000,00000000), ref: 00E3B1CA
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2095634543.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 00E3AF3E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2095634543.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: HandleModule
                                                                    • String ID:
                                                                    • API String ID: 4139908857-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 06EB4495
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2125713739.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_6eb0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: MessagePost
                                                                    • String ID:
                                                                    • API String ID: 410705778-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 06EB4495
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2125713739.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_6eb0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: MessagePost
                                                                    • String ID:
                                                                    • API String ID: 410705778-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Haq
                                                                    • API String ID: 0-725504367
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: hT
                                                                    • API String ID: 0-303261386
                                                                    • Opcode ID: 30a4bfa7595a5521a973e9b8611973df286c46c330309b0fb97d3e9abda11a1d
                                                                    • Instruction ID: 88730781c0dd8b4de79510fc28e29498fa878c9b4ee1659371fb348b10f3a190
                                                                    • Opcode Fuzzy Hash: 30a4bfa7595a5521a973e9b8611973df286c46c330309b0fb97d3e9abda11a1d
                                                                    • Instruction Fuzzy Hash: BB5153B1C05348AFDB11DFA9C994ACDFFB1BF49304F24806AD408AB211D775AA4ACF91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: hT
                                                                    • API String ID: 0-303261386
                                                                    • Opcode ID: 019db0a935d558a6bffd120054fab9d8fbfd44f509a59df245a7dfccf0a3c129
                                                                    • Instruction ID: cb5e19ed99ae8c8fa6beab80e07b9223567e05bafba97cd790469435a457f61a
                                                                    • Opcode Fuzzy Hash: 019db0a935d558a6bffd120054fab9d8fbfd44f509a59df245a7dfccf0a3c129
                                                                    • Instruction Fuzzy Hash: C841E1B1D01208DBDB24DFA9C584ADEFFB5BF48304F64802AD408BB211D775AA4ACF91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: hT
                                                                    • API String ID: 0-303261386
                                                                    • Opcode ID: 081561c43923637c149791afb6ada25010a2a10af285d02749d35a5bcc5c10e5
                                                                    • Instruction ID: 1cc26729a985529cc53684d7297061e37eae337d48efca0fad04a024f1caeedc
                                                                    • Opcode Fuzzy Hash: 081561c43923637c149791afb6ada25010a2a10af285d02749d35a5bcc5c10e5
                                                                    • Instruction Fuzzy Hash: E841E0B1D00309DBDB24DFA9C594ADEFBB5BF48305F64802AD408BB210D775AA4ACF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: hT
                                                                    • API String ID: 0-303261386
                                                                    • Opcode ID: c2417c5ac011cf272b6e368c825f763996bb036bdd72a79d46be2ac7ceb72689
                                                                    • Instruction ID: bac463d2f0379cd18b60bd8ef81cb13622840c2b391939dbded321e6291f7780
                                                                    • Opcode Fuzzy Hash: c2417c5ac011cf272b6e368c825f763996bb036bdd72a79d46be2ac7ceb72689
                                                                    • Instruction Fuzzy Hash: 802125316042009FCB10EF78D45489BBBFAEF81311B1488A9E106DB351EF75E805CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: hT
                                                                    • API String ID: 0-303261386
                                                                    • Opcode ID: 66ff8223a67305708a844307cdc7a04ef2e2d3a4664b2bb75e314f734b0ff9f8
                                                                    • Instruction ID: a31bee7d122df952e44f5d03e6fbd537be55e44534a28feba672468fc07764c1
                                                                    • Opcode Fuzzy Hash: 66ff8223a67305708a844307cdc7a04ef2e2d3a4664b2bb75e314f734b0ff9f8
                                                                    • Instruction Fuzzy Hash: 1221F0316042059FDB11EB68D5958AFBBF5EFC1311F0088AAE146DB361EF34ED098B91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2bf3fdc53d142b90966f2016d0c0c2df855de1b7554e6bbed6ffbe85360b2ab3
                                                                    • Instruction ID: 852d10f5958ecf29b6b18ba39d18c6f1ace96f9e0aee75cf51745fa648c8e872
                                                                    • Opcode Fuzzy Hash: 2bf3fdc53d142b90966f2016d0c0c2df855de1b7554e6bbed6ffbe85360b2ab3
                                                                    • Instruction Fuzzy Hash: 38726D35910609CFDB14EF68D8986ADB7B1FF44305F04829AD549BB265EF70AAC9CF80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 35720f26cd37fc03540930f769f5dd2903ecc43e645c8bbbc7e51202fc7e297e
                                                                    • Instruction ID: d92911ba1d6bc6991d2432bd3f5a010c2ba363fa7a91ca8191308d59d98dca14
                                                                    • Opcode Fuzzy Hash: 35720f26cd37fc03540930f769f5dd2903ecc43e645c8bbbc7e51202fc7e297e
                                                                    • Instruction Fuzzy Hash: 6B42E731E106198FCB14EF68C8946DDF7B1FF89305F1086A9E459B7261EB70AA85DF40
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3a448f6d2e9ac76978c3f9c66675fd90ba0600a32c867214ea1eda3b31e78ff7
                                                                    • Instruction ID: 504283a3e5e9eaad01b1d9a64e4be446f536bd82903493f71b152044c5cb82b1
                                                                    • Opcode Fuzzy Hash: 3a448f6d2e9ac76978c3f9c66675fd90ba0600a32c867214ea1eda3b31e78ff7
                                                                    • Instruction Fuzzy Hash: D6222534A102048FDB14EF69C894B9DB7B2FF89305F1486A9E44AAB365DB70ED45CF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a287756cebee50eb82af940451434e89d96d2a4e4309e2c687c2ec94f57a7645
                                                                    • Instruction ID: 776c9bb325b6bc20be0cec8a004eb90f6de58315035ba15bdccc5ba262b0496c
                                                                    • Opcode Fuzzy Hash: a287756cebee50eb82af940451434e89d96d2a4e4309e2c687c2ec94f57a7645
                                                                    • Instruction Fuzzy Hash: E7E10831E006198FCB24EF68C8906EDB7B1FF49305F1486A9E459BB261EB34AD85DF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 02adda8a7fe5cb3bccb1bdaf5801397c5653ce3efe3b2ea1ba19800f198aeacd
                                                                    • Instruction ID: bc0f1a867f3ef8527572d6f2f811b87f6162e70ebb84aa9665757c51255e3c98
                                                                    • Opcode Fuzzy Hash: 02adda8a7fe5cb3bccb1bdaf5801397c5653ce3efe3b2ea1ba19800f198aeacd
                                                                    • Instruction Fuzzy Hash: 5AC10934A10619CFCB14DF69C884A9DB7B2FF89305F1586A9E449AB361EB30ED85CF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f50381c245778dc4bf83774172cb55464f9762ba9fac48132932332913ce3aec
                                                                    • Instruction ID: 7176afd81ef03f0ba967ab351af1d083c943c97d681cedb2b9c099808e8f3c3f
                                                                    • Opcode Fuzzy Hash: f50381c245778dc4bf83774172cb55464f9762ba9fac48132932332913ce3aec
                                                                    • Instruction Fuzzy Hash: 45A1FA35E10619CFCB14DF64C884A9CF7B2FF89305F1586A9E449AB221EB74AE85CF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 508826e81270fafe015c1eae6fb2d41a8503e776789ae6d487ce22b79939b4b8
                                                                    • Instruction ID: 7731d4dfa715cf7c4921899de819bef0d06ad6fc10fb8c6f2046b1e5a9ef0c20
                                                                    • Opcode Fuzzy Hash: 508826e81270fafe015c1eae6fb2d41a8503e776789ae6d487ce22b79939b4b8
                                                                    • Instruction Fuzzy Hash: F0913F30A102198FDB04DBA8D894AEDB7B2FF88305F158575E506AB398DB74BD45CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6496e65221c673d099987204bd3395d2418efe7694160322aa5c0cb8a3a40ff1
                                                                    • Instruction ID: e8e97e73b4129caddeba7762f161eb5fb4cebcbf4a2858f3a13e8f694a872afc
                                                                    • Opcode Fuzzy Hash: 6496e65221c673d099987204bd3395d2418efe7694160322aa5c0cb8a3a40ff1
                                                                    • Instruction Fuzzy Hash: B791FB7590060ACFCB41DF68C880999FBF5FF89310B14879AE919AB356E770E985CF80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d819bb0bb0d3f02b2714c1d10ee42c3ef529cccba616b4464bf56f0ab4724d27
                                                                    • Instruction ID: 67ba6e1cfe5e1e0b73613e809ecb6c9eb29636a51a13af6f4e9e15568cb9f758
                                                                    • Opcode Fuzzy Hash: d819bb0bb0d3f02b2714c1d10ee42c3ef529cccba616b4464bf56f0ab4724d27
                                                                    • Instruction Fuzzy Hash: 0581FF75700A008FC718DF29C498959BBF2FF8921571589A9E54ACB372DB32EC45CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 860d7fc20d100d1c6811ba2074be0bc7c956a995735910d446e66ab641848fd4
                                                                    • Instruction ID: 996d717e21f03a8d5e19ba56945164a94247b70916a3563424b2014dcd20a99f
                                                                    • Opcode Fuzzy Hash: 860d7fc20d100d1c6811ba2074be0bc7c956a995735910d446e66ab641848fd4
                                                                    • Instruction Fuzzy Hash: C4716031A002198FDB04DFA8D884AEDB7B2FF88305F158675E5056B2A9EB74BD45CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c3f3d9ee2e3e5479d28163e8269d88f0da40f965a639b9ee7323cab26c978572
                                                                    • Instruction ID: 3e4d93b1961765be1a1790c60f26b78fae6edc1fca393f5aa3bc2335eb583c57
                                                                    • Opcode Fuzzy Hash: c3f3d9ee2e3e5479d28163e8269d88f0da40f965a639b9ee7323cab26c978572
                                                                    • Instruction Fuzzy Hash: E05158347052048FDB19DF68D894AAEBBF6BF8A701B1444A9E406EB361DB35EC05CF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 68facc030d9e796335f752a8bdf0431aa710da8302b16fba08157dbfbdce50e6
                                                                    • Instruction ID: bbfaf6afa2489cd349708784236bd67b49893c5997c65ea5528a32993d599b0f
                                                                    • Opcode Fuzzy Hash: 68facc030d9e796335f752a8bdf0431aa710da8302b16fba08157dbfbdce50e6
                                                                    • Instruction Fuzzy Hash: 9771AD74B046068FCB44CF69D584999FBF1BF48314B4986AAE84ADB312E774EC85CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 77b418bf557a2694bd0b73ab5f43930c16dcbee8bcd49f94d30ff854859bf494
                                                                    • Instruction ID: 72bb77149e0dc2ee9aa33e07743a4b2a1458932770dff5d96964b23de728a6a0
                                                                    • Opcode Fuzzy Hash: 77b418bf557a2694bd0b73ab5f43930c16dcbee8bcd49f94d30ff854859bf494
                                                                    • Instruction Fuzzy Hash: DE6167306102008FDB14EF28C894B9D77B6FF89315F148AB8D54A9B3A5DB74A909CB60
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c1f1c08eadbaf6be2bab02646a04f23c1bf5b0538cbb0b568917cda87c19e7ce
                                                                    • Instruction ID: 15ef639001c64455ae5b440b9e02713781502b6cf8cc4a20df21bca6bcbc869d
                                                                    • Opcode Fuzzy Hash: c1f1c08eadbaf6be2bab02646a04f23c1bf5b0538cbb0b568917cda87c19e7ce
                                                                    • Instruction Fuzzy Hash: 9E516F75E002499FDB14DFA9D814AAFBFF9EF89311F10886AD415E3350DA74A905CBA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 252f9bddde18443407d76aed200b6710d3484605f47ccaf41f567059aebd760a
                                                                    • Instruction ID: ffdba9f8b967b0446c13a93ab88c5394f1edf2dbb6ee132e16c1c30380237337
                                                                    • Opcode Fuzzy Hash: 252f9bddde18443407d76aed200b6710d3484605f47ccaf41f567059aebd760a
                                                                    • Instruction Fuzzy Hash: 78610D7591070ACFCB41EF68C880999FBB1FF49310B14C796E859EB256EB74E985CB80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 30a99e20a84b56860d5c8507b51d3d06b3a4cae81650fef300ab8f7ae6c2a987
                                                                    • Instruction ID: f3cbf3c85bc4d24c8580a605c4396f134f6da635c24ae9f56b9b46c0184c601f
                                                                    • Opcode Fuzzy Hash: 30a99e20a84b56860d5c8507b51d3d06b3a4cae81650fef300ab8f7ae6c2a987
                                                                    • Instruction Fuzzy Hash: C7318D30A02218EFCB14EFA4E5945ADFBB2FF85306F1584AAE45177295CB34E865CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d03657774d12910f1a3b1b0395c921464b0535d18ab26ddf74b1c419a826c764
                                                                    • Instruction ID: 4533023181289ed1151bbbe33843f38a0e11b15cbc706cc94186faa084ca0e32
                                                                    • Opcode Fuzzy Hash: d03657774d12910f1a3b1b0395c921464b0535d18ab26ddf74b1c419a826c764
                                                                    • Instruction Fuzzy Hash: 52419A35A0021ACFDF15EFA9D854AEDBBB1FF88311F14812AD841E7350EB75A845CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6345faad942a8a14c88308865a7cffeaae48c13caba32dd7d2145bfde0fcef29
                                                                    • Instruction ID: d4f5d0f30c4097ae466b50b3174c472e3c7ab9b1516888a7dd645312818f952b
                                                                    • Opcode Fuzzy Hash: 6345faad942a8a14c88308865a7cffeaae48c13caba32dd7d2145bfde0fcef29
                                                                    • Instruction Fuzzy Hash: 8E411830B012199FCF59DFB8D8846AEB7F2AF48305F10452AE106EB394EB75AD41CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ed9f50c8856b068acb33f4888299d46a50e286eedd6b40010789e7fcdc2976db
                                                                    • Instruction ID: 70a47c3f71a0ed694d1c0b129838ee35207d49440973f20b9371095bf1508a03
                                                                    • Opcode Fuzzy Hash: ed9f50c8856b068acb33f4888299d46a50e286eedd6b40010789e7fcdc2976db
                                                                    • Instruction Fuzzy Hash: 25416134A10709CFCB04EF78C89499DBBF6FF89304F118559E515AB365EB70A946CB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5ea9973f023f73a7947f003a261f12406f3d583eb3e89b2989c90d7a08f5d682
                                                                    • Instruction ID: 44efb78da89be1587121d8cb008847c00827241826123c0b03dc5e48e9ebd8b3
                                                                    • Opcode Fuzzy Hash: 5ea9973f023f73a7947f003a261f12406f3d583eb3e89b2989c90d7a08f5d682
                                                                    • Instruction Fuzzy Hash: C431ED31B062489FCB16CF78D89429DBBF1EF49204F0540AAD545EB3A2EB38AD06CB51
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e5b856c55bef1172a2c1f5db0916d9af1846c9eacbf1bc95ff201ceea1ad1f99
                                                                    • Instruction ID: b7bf71aafcaa12457eb56287fde2f63b67487c0d9c6e639abaa5f96c414ff690
                                                                    • Opcode Fuzzy Hash: e5b856c55bef1172a2c1f5db0916d9af1846c9eacbf1bc95ff201ceea1ad1f99
                                                                    • Instruction Fuzzy Hash: 73414F34A10709CFCB04EF78C85499DF7B6FF89304F008559E5166B365EB71A946CB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c77dc0aa0420696920b01213e51ced31944495eeafe91d2800ce6adc8b7736d6
                                                                    • Instruction ID: ff73108c5cdf7e076f4baa0dbf83b3e0a6b038b79b6d915b1dccf22fb0bc797c
                                                                    • Opcode Fuzzy Hash: c77dc0aa0420696920b01213e51ced31944495eeafe91d2800ce6adc8b7736d6
                                                                    • Instruction Fuzzy Hash: 1A411D75A0060ADFCB44DF69D88499EFBB5FF49310B14C699E918AB311E730E985CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: aa88f9fb5d9c29c584392ed447065712a86ee93269facd3f75d77be872c04593
                                                                    • Instruction ID: 70183c37a8a67578c9e3604d4c2551c41ccd883205cb1637cb5ca90daa6080e0
                                                                    • Opcode Fuzzy Hash: aa88f9fb5d9c29c584392ed447065712a86ee93269facd3f75d77be872c04593
                                                                    • Instruction Fuzzy Hash: D8411874B046068FC714CF68C584999FBF1FF49310B1986AAE48ADB752D735EC45CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7bed5d3a565b4561c57bd00ab870316be15ac3f467ae5a8fa96fe3c47fd97a08
                                                                    • Instruction ID: 0f7f543d225c688eeb4a3735590f32b0fff06ad8a1f4c353a3ff71478d7e1a66
                                                                    • Opcode Fuzzy Hash: 7bed5d3a565b4561c57bd00ab870316be15ac3f467ae5a8fa96fe3c47fd97a08
                                                                    • Instruction Fuzzy Hash: 6B41B1B4D00358ABDB14CF9AD884A9EFBB1BF49314F10822AE418BB250D774A845CF91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 52f451a1d933cbc20464cd98612ccc858788e30b5df96070b04f809b075e2825
                                                                    • Instruction ID: 2de7e8aec343d0bb4702124aad01498611c6508d2eae5a99998bf9c87d44a9cc
                                                                    • Opcode Fuzzy Hash: 52f451a1d933cbc20464cd98612ccc858788e30b5df96070b04f809b075e2825
                                                                    • Instruction Fuzzy Hash: 23314DB5E00308AFDB14DFAAD844A9EFFF5EB89320F14C46AD519A3250D774A945CFA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0fd4c1d5a20ad68f5332bab3063152e50d6732e595f963120cab6983a4247f16
                                                                    • Instruction ID: 6b8532332207b1c837276a07a70d5b4bba82085a580b5275c9d97c2b044ffb69
                                                                    • Opcode Fuzzy Hash: 0fd4c1d5a20ad68f5332bab3063152e50d6732e595f963120cab6983a4247f16
                                                                    • Instruction Fuzzy Hash: CA317C35B002199FCF04EF68E8548DDF7B6FF88215B048569E506AB360EB75BD06CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 58ce05d5a71378fafcaedb1614dbaa4c659887db97c9f9d6cf6d6edbce77f9b5
                                                                    • Instruction ID: a568e6d8d03584658927c91337871ffa4a97f04f747690d410686d8b4fe9a3e9
                                                                    • Opcode Fuzzy Hash: 58ce05d5a71378fafcaedb1614dbaa4c659887db97c9f9d6cf6d6edbce77f9b5
                                                                    • Instruction Fuzzy Hash: 44410775A0060ADFCB44DF69D88499EFBB5FF89310B14C669E918AB311E730E985CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7c1e0faca68c3dd4bae1fd79dc6e514c6b919952c35923aa4d6f90b412533930
                                                                    • Instruction ID: 1518ee9ffdee871afde96095b23471ac986a519a84cc2a78f6726c5dae81bf21
                                                                    • Opcode Fuzzy Hash: 7c1e0faca68c3dd4bae1fd79dc6e514c6b919952c35923aa4d6f90b412533930
                                                                    • Instruction Fuzzy Hash: 1631AE75A10700CFEB01EF69E854355BBA2FF88314F18857AE8497B35AEB74A448CB60
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 641ab9e43a7a574a769db6301c0af8b2d2852e9a4283da092b2f67661d4f6d6f
                                                                    • Instruction ID: b10c16fe57950669df6c1318e82de648c37b41f3d94c598d95b0ad61070eed86
                                                                    • Opcode Fuzzy Hash: 641ab9e43a7a574a769db6301c0af8b2d2852e9a4283da092b2f67661d4f6d6f
                                                                    • Instruction Fuzzy Hash: 0631AD71A106008BEB44EF69E884756B7A2FF88354F08C57AE8497B34AEF74A444CB60
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 168e6c8eb85a9fc28b341b6085378d2f455db88a2a985ca694e65ce2ef823d8e
                                                                    • Instruction ID: 9716e3852c4015784f2d0ee4d0cc532f50c91e4f4f3c636f413e5e974e8be8bb
                                                                    • Opcode Fuzzy Hash: 168e6c8eb85a9fc28b341b6085378d2f455db88a2a985ca694e65ce2ef823d8e
                                                                    • Instruction Fuzzy Hash: 4A2194323502018FD714AF2CC8C4A697BE6FF85712B1984B5F149CF7A6DA35EC009B90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 61f084cbd0a5da1797663b5d80e7740bf41d18e598863dc6ce9b0e7652c3f993
                                                                    • Instruction ID: c76c2c0899105a45d9de977a9c0ccb0ca7d93255c6c311e822fff93e0aea8aad
                                                                    • Opcode Fuzzy Hash: 61f084cbd0a5da1797663b5d80e7740bf41d18e598863dc6ce9b0e7652c3f993
                                                                    • Instruction Fuzzy Hash: CC21A270B002556FDB11DFA9DC10ABFBFF9EFC9201F1085AAE415E3250DA34AA05CBA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8f1623b29490b0f8292c106f0300d3904d935ceca0af415b2b5466d20ad3e85a
                                                                    • Instruction ID: 8b5fa1e5b6115eedf6d7cfdc9451d0ab5f1fe6471a1a9613e855fee0fff5f76d
                                                                    • Opcode Fuzzy Hash: 8f1623b29490b0f8292c106f0300d3904d935ceca0af415b2b5466d20ad3e85a
                                                                    • Instruction Fuzzy Hash: C42195357097808FD71A9B38E85497E7FF6AF86201B1948ADD446DB3A2CE249C06C751
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2086067984.0000000000A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_a3d000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: da14139431a07ccfd115979e69d3805f8d310b7c4633d00937e79b89ce864806
                                                                    • Instruction ID: e5d2e09118d187985108efabaa163ff05a850b468675c32c2645aec78a4473c8
                                                                    • Opcode Fuzzy Hash: da14139431a07ccfd115979e69d3805f8d310b7c4633d00937e79b89ce864806
                                                                    • Instruction Fuzzy Hash: 8A21F575504204DFDB05DF14E9C0F26BF65FB98324F24C569E9090B256C33AE856DBA2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 459ac1c22679e7d97594be67f180bbde5ef01c614f459839aee67ef27834dd4e
                                                                    • Instruction ID: bbf607c6fbb49a489300d76594bf74130c2f2c465ca0513022f67aba1d036d7e
                                                                    • Opcode Fuzzy Hash: 459ac1c22679e7d97594be67f180bbde5ef01c614f459839aee67ef27834dd4e
                                                                    • Instruction Fuzzy Hash: 6701F93A354A00CFD729DA38D4818B937A2FBDA61172D41EAD001C7371C935EC02CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c5702431fc9edd3a9648319113d0f09447c74dadddc9b674e7bdade28b5e8fe3
                                                                    • Instruction ID: a0fb619af52eb62fec48c471238dee69c9cf20d64fbfe6e7a5b76dcaca02fd68
                                                                    • Opcode Fuzzy Hash: c5702431fc9edd3a9648319113d0f09447c74dadddc9b674e7bdade28b5e8fe3
                                                                    • Instruction Fuzzy Hash: 7B017C757002008FD718DB29E89896ABBEAFFC8315B18846DE80ADB320CB71EC05CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2086067984.0000000000A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_a3d000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 492fdf62011d506b2035409fd4aafb4e62603a7b16de87402345ad9f8be91ebc
                                                                    • Instruction ID: aee57bbe7564859090b8ed348dda43459953fd502612d70f4e21a6481b742521
                                                                    • Opcode Fuzzy Hash: 492fdf62011d506b2035409fd4aafb4e62603a7b16de87402345ad9f8be91ebc
                                                                    • Instruction Fuzzy Hash: 42012631004340DAE7208F29DD84B67BFACEF46360F18C52AFD090E286C2399C00CAB1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 888185d0b7387966067f9a6781bf83e8e6971a64cb4a5e7eccd6996f8986ec34
                                                                    • Instruction ID: f4ed61014473f3d1a6627cec32cb6be45eea1dd451e0c1bf4b9aaabc1196809f
                                                                    • Opcode Fuzzy Hash: 888185d0b7387966067f9a6781bf83e8e6971a64cb4a5e7eccd6996f8986ec34
                                                                    • Instruction Fuzzy Hash: 8C014CB0600B048FD728EF39C41055A7BF6EF85305B10C56EE8469B3A0EB71E941CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0c38456eed2098d3844675ce6fd14fd8c7ce3df323b4330ecadf8cfcfc029e51
                                                                    • Instruction ID: c594ff681ff28856cf480486ded7b8a909407bc774af7c1cb88a943eead95f5a
                                                                    • Opcode Fuzzy Hash: 0c38456eed2098d3844675ce6fd14fd8c7ce3df323b4330ecadf8cfcfc029e51
                                                                    • Instruction Fuzzy Hash: F61112B58003489FCB20DF9AD548BDEFBF8EB48320F24841AD519A7310C378A944CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: bcb253490b1794779879507ee1df698be86a90196f0065044a907061ea2a7ffd
                                                                    • Instruction ID: 839ec1165de04dd870e23541fab254c7d2ef2cba3193361787790f2221e677f7
                                                                    • Opcode Fuzzy Hash: bcb253490b1794779879507ee1df698be86a90196f0065044a907061ea2a7ffd
                                                                    • Instruction Fuzzy Hash: 8301F432B007049BEB167B34C8511EEB7F6EFC5221F1586AEE54957241EF34A94387E1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9018701349c3385e2a419312c60693115bc9d35e2c3c5ee193516073dff10d3d
                                                                    • Instruction ID: af7239a6f43d03a895e158fee99defe9b8ee9b444994aee0cf7eae1b02e59812
                                                                    • Opcode Fuzzy Hash: 9018701349c3385e2a419312c60693115bc9d35e2c3c5ee193516073dff10d3d
                                                                    • Instruction Fuzzy Hash: 980171B4600B04CFE715EF38C45056A7BF2EF86301B04C5ADD4468B6A5EF74E886CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 73d279adff744730310f64473a2d8915a0a8af94ef7c7275dc53ba7efe4fdce3
                                                                    • Instruction ID: 429e1d1e98867e1ad3f9210d101e850c8a355eae7b2efd76a4a0beaaad73ab25
                                                                    • Opcode Fuzzy Hash: 73d279adff744730310f64473a2d8915a0a8af94ef7c7275dc53ba7efe4fdce3
                                                                    • Instruction Fuzzy Hash: C301ADA210E2C46FD7039B24D821EA93F659B17204F4984C7E894CB0A3C62ED626C766
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b6afdcaa54937b6e350e05aa162e98dfd0dde1a550ec9bc8ea08b476a4718451
                                                                    • Instruction ID: 2db047ef94f6f21fed1232b0c6b869496535e50f1103e16bf0b53bf18803eeff
                                                                    • Opcode Fuzzy Hash: b6afdcaa54937b6e350e05aa162e98dfd0dde1a550ec9bc8ea08b476a4718451
                                                                    • Instruction Fuzzy Hash: 46F0243A3009108BDF1ABB39945067EA7D6EFC6756B19406EF801CB7A1DE24EC06D7A1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: dd03ed06372a6a6bcacee52ac7c313f75c973da3e5e1570cecb8fa57a2869d27
                                                                    • Instruction ID: bbeba77d11448d05c574a6506e039f2c9f58feb40c42a1554a0b7de27e048b06
                                                                    • Opcode Fuzzy Hash: dd03ed06372a6a6bcacee52ac7c313f75c973da3e5e1570cecb8fa57a2869d27
                                                                    • Instruction Fuzzy Hash: 8EF0967A350A108FD728DA3DC84086A73A6FBCAB6572981E9E412C7374CA35EC01CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8ea1ac68cef167a7ee81f9f5eee0d2ff6dec2a16c2cf7a9096da0a5bcd0ad337
                                                                    • Instruction ID: 227f07e295ba0ae3b08c6b2cab998750935929181053dedb914e58d76ce9440d
                                                                    • Opcode Fuzzy Hash: 8ea1ac68cef167a7ee81f9f5eee0d2ff6dec2a16c2cf7a9096da0a5bcd0ad337
                                                                    • Instruction Fuzzy Hash: 1BF0B4353116118BDA28B62A8850A3F76D9AF86E037044429F442C3660DE60FC06FAA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fd6b3ac3e160efc5176b8ea76c806ec8b16663710d95d086440c14eade19abcc
                                                                    • Instruction ID: f0bdf458ab92ad1da4eb0ded77100a182dd37560b2f68d680be4fc47505dfd99
                                                                    • Opcode Fuzzy Hash: fd6b3ac3e160efc5176b8ea76c806ec8b16663710d95d086440c14eade19abcc
                                                                    • Instruction Fuzzy Hash: 6EF0BB71B00115AB9F15F7A8E8519BEBBBADFC8615F100029D505A7340CE387E11C7F5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7f08e042f4282a8eb792a47aa642d9a1a169421edc868b5df97c1b65ac8515b6
                                                                    • Instruction ID: f8429ce0b16664cf92f50ff0f62f5ef2a004ab77097c4f1e7e796719d4ae3cb0
                                                                    • Opcode Fuzzy Hash: 7f08e042f4282a8eb792a47aa642d9a1a169421edc868b5df97c1b65ac8515b6
                                                                    • Instruction Fuzzy Hash: 72F02831204600CFC726AF1AD4948AABBB6FFC5322B0501AED44987761CF78EC8ACB51
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 77ab46e8b0a3d4ff59c6b94427cb1304fc42ca7eef6888f4c833c8936bd93eed
                                                                    • Instruction ID: f9c8debf32d5bbe785fa7d69d619c4bdfc8f3985ba258557f7f518bf41253567
                                                                    • Opcode Fuzzy Hash: 77ab46e8b0a3d4ff59c6b94427cb1304fc42ca7eef6888f4c833c8936bd93eed
                                                                    • Instruction Fuzzy Hash: 9DF0F6313086518FDB25762A844097A3BD56F83E03709009EF442CB692CA14EC01EBA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0f8d7b85917f79e8a197de43bdc4addd4fe143583ebbfd9c06e209cf610f3c1c
                                                                    • Instruction ID: d13b35b7becf8faff27653f176524d4446b4f57c0285a28f6da31d9258b9a9ad
                                                                    • Opcode Fuzzy Hash: 0f8d7b85917f79e8a197de43bdc4addd4fe143583ebbfd9c06e209cf610f3c1c
                                                                    • Instruction Fuzzy Hash: D501A9703482108FC715DF28D488C587BE2EF8A70970500EAE18ACB332DB72EC05CB40
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 59afe770283190804c53edc490769d68db82bc21b22524b74ce88293acf45860
                                                                    • Instruction ID: 4415325ff2925550ee4cc21412a542cb944cb6f8ca2422afd69ab466f1f0e7d4
                                                                    • Opcode Fuzzy Hash: 59afe770283190804c53edc490769d68db82bc21b22524b74ce88293acf45860
                                                                    • Instruction Fuzzy Hash: 7C0181A214E7C95FD7038B24DD11FA63F759F27204F0980CBE984CB0A7C62D9526C7A6
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 49b86d4a97373872131bc17631a84006918ed21aa1102af1f9ca0d5a16a5b859
                                                                    • Instruction ID: 5c3d660dfea2e8e3278578badf25241ac17b04bccb83ec933f001f1bbf5c629a
                                                                    • Opcode Fuzzy Hash: 49b86d4a97373872131bc17631a84006918ed21aa1102af1f9ca0d5a16a5b859
                                                                    • Instruction Fuzzy Hash: C7011671E04209DFCB41EFA8C5448EDBBF0EF49300B1082ABE449EB321E7709A44CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2104946321.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4d30000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    Execution Graph

                                                                    Execution Coverage:9%
                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:53
                                                                    Total number of Limit Nodes:5
                                                                    execution_graph (node list omitted); API calls named in the graph: DeleteFileW, GlobalMemoryStatusEx
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-3723351465
                                                                    • Opcode ID: de70b6bb07563f2402e7d595d0c5df327f6be8e8978e88ef8aa39859272f76b3
                                                                    • Instruction ID: bf8c9a55951935ef764afb373fb3317972507e1166a0ca097014ee1e421adf0e
                                                                    • Opcode Fuzzy Hash: de70b6bb07563f2402e7d595d0c5df327f6be8e8978e88ef8aa39859272f76b3
                                                                    • Instruction Fuzzy Hash: D7D26B30E0071A8FDB64DF68C494A9DB7B2FF85308F54C569D449AB265DB34EE86CB80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-3723351465
                                                                    • Opcode ID: ba25084edd85ff20f85444448f4a04d0a480951156759491f14dc040f3df4148
                                                                    • Instruction ID: 906bb6793745cac82641b7269bacf9c63d4f3165db208612ef1dc65e1d5814e3
                                                                    • Opcode Fuzzy Hash: ba25084edd85ff20f85444448f4a04d0a480951156759491f14dc040f3df4148
                                                                    • Instruction Fuzzy Hash: BC528E30E0020A8FDF64DFA9D590BADB7B6FB45318F20892AD409DB395DA34DD85CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q
                                                                    • API String ID: 0-127220927
                                                                    • Opcode ID: 05b35d444b28561caef5e87424c39c32cdd91b7aff677c148f400c16c4e08cf8
                                                                    • Instruction ID: 4ac39fcd2b5236132c22b4ab4b8efe8657e7d5cc1e303f7d2f621351b144640a
                                                                    • Opcode Fuzzy Hash: 05b35d444b28561caef5e87424c39c32cdd91b7aff677c148f400c16c4e08cf8
                                                                    • Instruction Fuzzy Hash: 9002AE30B0121A8FDB58DF68D494AAEB7B6FF84308F148529D809DB394DB35ED46CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $
                                                                    • API String ID: 0-3993045852
                                                                    • Opcode ID: e2c20304a5701a334a916569e7862f93c3bda133ed8ac02a5b91f6869de2f347
                                                                    • Instruction ID: c941628de14dd5b07107be9660aa2acf972f8427f70fac86af5cc0e8cce30152
                                                                    • Opcode Fuzzy Hash: e2c20304a5701a334a916569e7862f93c3bda133ed8ac02a5b91f6869de2f347
                                                                    • Instruction Fuzzy Hash: 7622A135E0021A8FDF64DFA4C5906AEB7B2FB88318F60C569D419EB384DA35DD42CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 538e305cd44813186197c2eae544473e061f1249e07164ebb969aa1d9f0f410d
                                                                    • Instruction ID: 600dd105d77b1dd62ab4ba8525f292c51de71c095c1f0511a6c49b1d356220ba
                                                                    • Opcode Fuzzy Hash: 538e305cd44813186197c2eae544473e061f1249e07164ebb969aa1d9f0f410d
                                                                    • Instruction Fuzzy Hash: C0629E34B0020A9FDB54DB69D594AADB7F2FF84318F188429E40ADB394DB35ED46CB80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6995be09f3210a3f7d2df23478c3da4694c0aea41fce8017ff050f399f91f13c
                                                                    • Instruction ID: 5bd89ef1fda74784b045e7cd24819f19d507f4bb697e1c8c12bdb72e810db473
                                                                    • Opcode Fuzzy Hash: 6995be09f3210a3f7d2df23478c3da4694c0aea41fce8017ff050f399f91f13c
                                                                    • Instruction Fuzzy Hash: 20328134B0020A8FDF54DF68D994AAEB7B6FB88318F108529E405EB354DB35ED46CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-1273862796
                                                                    • Opcode ID: b6c41309643ebd861334ad6d71bb097fb9c644af7bdda523416a964c69473f5a
                                                                    • Instruction ID: 1eb5924763a827b9f7157b281463a2c2835b062288e4b849e8815bcaa807050d
                                                                    • Opcode Fuzzy Hash: b6c41309643ebd861334ad6d71bb097fb9c644af7bdda523416a964c69473f5a
                                                                    • Instruction Fuzzy Hash: CFE15E30E1030A8FDB69DFA9D9906AEB7B6FF85308F108529D409AB354DB35DD46CB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q
                                                                    • API String ID: 0-858218434
                                                                    • Opcode ID: 3b881953e80e1590e2bf66cd5d26c56a1f916a12f2720cab21a987bbf848197c
                                                                    • Instruction ID: 6310914dfdbd6f358bf2264af5497945effdf2d48fcec3df33c1ea1c6ba2f3df
                                                                    • Opcode Fuzzy Hash: 3b881953e80e1590e2bf66cd5d26c56a1f916a12f2720cab21a987bbf848197c
                                                                    • Instruction Fuzzy Hash: 66914230B1021A9FDB54DF79D860BAEB7F6BF85204F108569C50DEB358EA30DD468B92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: fbq$XPbq$\Obq
                                                                    • API String ID: 0-4057264190
                                                                    • Opcode ID: d564a8c3edafd09382ffa4832f2abe64a7ee6dbc51efc12f89c174c1ae69959e
                                                                    • Instruction ID: 4c7fd99ccef9399a0466d6473e45d4edbdf63aa666da779d4c2e2abd748b1578
                                                                    • Opcode Fuzzy Hash: d564a8c3edafd09382ffa4832f2abe64a7ee6dbc51efc12f89c174c1ae69959e
                                                                    • Instruction Fuzzy Hash: A8617230E002199FDF549FA9C4547AEBAF6FB88704F208529D10AAB394DF754D46CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q
                                                                    • API String ID: 0-127220927
                                                                    • Opcode ID: 60e0f099bf5a761dc192d63f4d14c1379d5b2058acb49b2948040b43fe867faa
                                                                    • Instruction ID: 5671657f18d2e500b8972c00eecb81a767487ebabe4f0300ffbe63ca74c604e8
                                                                    • Opcode Fuzzy Hash: 60e0f099bf5a761dc192d63f4d14c1379d5b2058acb49b2948040b43fe867faa
                                                                    • Instruction Fuzzy Hash: 61515430B1020A9FDB54DB78D961B6E77F6FB88204F108569C90DDB398EA31DD068B92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • DeleteFileW.KERNELBASE(00000000), ref: 015A81E0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4476236043.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_15a0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: DeleteFile
                                                                    • String ID:
                                                                    • API String ID: 4033686569-0
                                                                    • Opcode ID: 65cde81af0146c17b4f0269f5953e58b510355186069f6cda0be940ce4b3682a
                                                                    • Instruction ID: a08884963fbddd97fe5d2f6af4f8b7dd6c088143c12c7e152f246410597458d6
                                                                    • Opcode Fuzzy Hash: 65cde81af0146c17b4f0269f5953e58b510355186069f6cda0be940ce4b3682a
                                                                    • Instruction Fuzzy Hash: 3D2127B1C006599BCB14DF9AC5447AEFBF4FF48320F14852AE918A7240D738A940CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • DeleteFileW.KERNELBASE(00000000), ref: 015A81E0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4476236043.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_15a0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: DeleteFile
                                                                    • String ID:
                                                                    • API String ID: 4033686569-0
                                                                    • Opcode ID: 3be16c159f1769023748b15182922b954fd0a19495b2f8dfed1948fb459e3673
                                                                    • Instruction ID: f148e3be0b70e29dd2716d3a3e0d7cfa53ce38e7e792ac57bf48a0adfd6d88b4
                                                                    • Opcode Fuzzy Hash: 3be16c159f1769023748b15182922b954fd0a19495b2f8dfed1948fb459e3673
                                                                    • Instruction Fuzzy Hash: 8B2127B1C0065A9FDB14DF9AC94479EFBF0BF48310F14815AD958A7240D738AA44CFA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GlobalMemoryStatusEx.KERNELBASE ref: 015AF0EF
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4476236043.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_15a0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: GlobalMemoryStatus
                                                                    • String ID:
                                                                    • API String ID: 1890195054-0
                                                                    • Opcode ID: 0b8158eb6c0b75724290764c38b48ea26e480dcf62227865024f9d8923aca7ca
                                                                    • Instruction ID: c77ea3815b4b2d74f31c908287459598d5e0bbdf36c76566dfee7c36e85a3ad2
                                                                    • Opcode Fuzzy Hash: 0b8158eb6c0b75724290764c38b48ea26e480dcf62227865024f9d8923aca7ca
                                                                    • Instruction Fuzzy Hash: 2211EFB1C0065A9BCB10DF9AC544ADEFBF4BF48320F15816AE918A7240D778A944CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GlobalMemoryStatusEx.KERNELBASE ref: 015AF0EF
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4476236043.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_15a0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID: GlobalMemoryStatus
                                                                    • String ID:
                                                                    • API String ID: 1890195054-0
                                                                    • Opcode ID: 7982118858c66b138cc37698674271cb9272fabe6513ace174625fa522b69bb1
                                                                    • Instruction ID: c6642b9b5b9148c5b5cfcbaedd1fb1cc6e39de2eb38e1ca07b2bd8e654ba5b4f
                                                                    • Opcode Fuzzy Hash: 7982118858c66b138cc37698674271cb9272fabe6513ace174625fa522b69bb1
                                                                    • Instruction Fuzzy Hash: 5011F0B1C0065A9BDB10DF9AC544BDEFBF4BF48320F15816AE818B7240D378AA44CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: XPbq
                                                                    • API String ID: 0-864591470
                                                                    • Opcode ID: 1757f9b04e4db66f620229299d27a8e765b3967fd616d26440529d8201da0040
                                                                    • Instruction ID: ca50877fb912afc95bb39da9652fe3842bfbbe435faf9ef0f8772e96c6fa64c9
                                                                    • Opcode Fuzzy Hash: 1757f9b04e4db66f620229299d27a8e765b3967fd616d26440529d8201da0040
                                                                    • Instruction Fuzzy Hash: 14416030F002199FDB54DFA9C854B9EBAF6BF88704F20C529D109AB395DB758D06CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: PH]q
                                                                    • API String ID: 0-3168235125
                                                                    • Opcode ID: d24a65e52930d32da33fca7f7c5e6e8b234009d6c0f526df7087885e345bf433
                                                                    • Instruction ID: fa58591eb62baf87033cdcfc8d444cf4e89f15d69aab98ff925f08de2345b643
                                                                    • Opcode Fuzzy Hash: d24a65e52930d32da33fca7f7c5e6e8b234009d6c0f526df7087885e345bf433
                                                                    • Instruction Fuzzy Hash: 65417F70E0030B9FDB64DF65D4946AEBBB6FF85308F204529E406EB644DB74E94ACB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: PH]q
                                                                    • API String ID: 0-3168235125
                                                                    • Opcode ID: 45376ca2d65bf643eba0c348b772639060c336354697110ca7c612cb85d044c8
                                                                    • Instruction ID: 14e250d9d44bc331d7f29e5cbdfb322cf9ca2b009541e67f700a4c29731d82f2
                                                                    • Opcode Fuzzy Hash: 45376ca2d65bf643eba0c348b772639060c336354697110ca7c612cb85d044c8
                                                                    • Instruction Fuzzy Hash: EC31F330B103168FDB599F74856866E3BA7AF89218F18856CD406DB398DF39CE06C791
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: PH]q
                                                                    • API String ID: 0-3168235125
                                                                    • Opcode ID: 3b6f723b7437726df4b4614f8e00a6a3280068d261d69a59bb0f26d33ff1c7f0
                                                                    • Instruction ID: e32c7b11f9b6abcb37f5b9a5b03c004e60690145f93e08989020a56a91433d58
                                                                    • Opcode Fuzzy Hash: 3b6f723b7437726df4b4614f8e00a6a3280068d261d69a59bb0f26d33ff1c7f0
                                                                    • Instruction Fuzzy Hash: AC41C370E0030A9FDB64DF64D49069EB7B6FF85304F104629E406E7744EB70E946CB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: PH]q
                                                                    • API String ID: 0-3168235125
                                                                    • Opcode ID: 8c2a5a74751376b0dcabf44e47f25dbd0c4712a8c3a0aaed6b880ac86fcd204f
                                                                    • Instruction ID: 198cad8bf44ad50a89a6690d34945feae872677c45f7701ad67ba425fad4a0f2
                                                                    • Opcode Fuzzy Hash: 8c2a5a74751376b0dcabf44e47f25dbd0c4712a8c3a0aaed6b880ac86fcd204f
                                                                    • Instruction Fuzzy Hash: A831E330B003168FDB589B74D45466E7BEBAF89218F18853CD406DB348DE39DE06C791
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q
                                                                    • API String ID: 0-1007455737
                                                                    • Opcode ID: 3010659669d65e63fe184a85645c2178840be8b55b87b62a865b29787878b6c3
                                                                    • Instruction ID: f681594aaeacb5fc25d45a01eb5a184778f4ebb494664249bb43ae190f9ca7a4
                                                                    • Opcode Fuzzy Hash: 3010659669d65e63fe184a85645c2178840be8b55b87b62a865b29787878b6c3
                                                                    • Instruction Fuzzy Hash: EEF0AF31B02307CFDF689E89E5A467877A5FB50218F14496AC945CB258D731DE05C790
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cb9805e2ade8b1aacee1d8de9ca6568c1840d748e6e7f642432843e9dcee4a30
                                                                    • Instruction ID: 863d838148b2cdc291a350094b182b3531a0f7d5c50b50f5ea00bb0093661295
                                                                    • Opcode Fuzzy Hash: cb9805e2ade8b1aacee1d8de9ca6568c1840d748e6e7f642432843e9dcee4a30
                                                                    • Instruction Fuzzy Hash: 6AA1A770F0020A8FDF64DFADD5947AEB7B6EB85314F244829E409DB395CA38DD818751
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2fe9cfc40d66a0d3526531655f55af2a73661e382ce87090769d1b829b851e20
                                                                    • Instruction ID: 60aeabc4cb280e3a666f614db636400307b56b827ac087239c8c6c90eba99cdb
                                                                    • Opcode Fuzzy Hash: 2fe9cfc40d66a0d3526531655f55af2a73661e382ce87090769d1b829b851e20
                                                                    • Instruction Fuzzy Hash: FA61DE71F001224FDB54AA6EC88466FBADAAFD4224B194039D80EDB360DE6ADD0287D1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 436ba7d21f4857018fe27aa1a4554efbe5c332522dff40d17e89249bf30041b8
                                                                    • Instruction ID: 5c2f6b43e5ab39dbab6561ad4aa5138a014abffc9465ee9da19e1075a91288c0
                                                                    • Opcode Fuzzy Hash: 436ba7d21f4857018fe27aa1a4554efbe5c332522dff40d17e89249bf30041b8
                                                                    • Instruction Fuzzy Hash: 19814D30B1020A8FDF48DFA9D46479EB7F2AF89304F118429D40ADB394EB75DD468B81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0b19ecbfb47a453cc15ac6aacad650e3f7dbc80f03084a1973308d27349c1dd6
                                                                    • Instruction ID: d54a34f99e8ea7f7fb07ff73a7f9ccf01aa584ec719d45d2835ac0439b48bcc9
                                                                    • Opcode Fuzzy Hash: 0b19ecbfb47a453cc15ac6aacad650e3f7dbc80f03084a1973308d27349c1dd6
                                                                    • Instruction Fuzzy Hash: 07812C30B1020A8FDB48DFA9D46476EB7F2AF89304F118529D40ADB394EF75DD468B82
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f6acf73e70939f253aaeec6d27e2b96d4acf443b6f85220975c4629515895e59
                                                                    • Instruction ID: a6486d99a33f4194567153004d1cda7cafdef5e31b244a3d7363b7ba43786b3d
                                                                    • Opcode Fuzzy Hash: f6acf73e70939f253aaeec6d27e2b96d4acf443b6f85220975c4629515895e59
                                                                    • Instruction Fuzzy Hash: 57913E30E0061A8BDF64DF68C890B9DB7B1FF89304F20C599D54DAB355DB70AA86CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c9743c04298eb5e22adf22e2ec8b831ca7352e2f6b5e51add9126da3d3f109aa
                                                                    • Instruction ID: 2130e5f2d19e4d27f32abc529ab2b8c7649756dd0d58d43cf7c0c7792059a50c
                                                                    • Opcode Fuzzy Hash: c9743c04298eb5e22adf22e2ec8b831ca7352e2f6b5e51add9126da3d3f109aa
                                                                    • Instruction Fuzzy Hash: A9913D30E0061A8BDF64DF68C890B9DB7B1FF89304F20C599D50DAB355DB70AA85CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 999ca27cbb55d6b2ec8b4b5ec01a937be27217071dc9ff10342a41e9ba54fc0b
                                                                    • Instruction ID: 364225c0c7570a1a2be1b0e32b6742585a90ba62beed0e67f436eab2ef3ab108
                                                                    • Opcode Fuzzy Hash: 999ca27cbb55d6b2ec8b4b5ec01a937be27217071dc9ff10342a41e9ba54fc0b
                                                                    • Instruction Fuzzy Hash: F4710970A0020A9FDB54DFA9D990AAEBBF6FF88304F148529D419AB354DB30ED46CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8ea9e649b1328fe5f4d019f5b3bb67835d7daa5773169081c976175ed6d86464
                                                                    • Instruction ID: 0a9ae5288e1b88cdf72d3706f64519c4e700b42c476f7b86e01f683fe79b1b33
                                                                    • Opcode Fuzzy Hash: 8ea9e649b1328fe5f4d019f5b3bb67835d7daa5773169081c976175ed6d86464
                                                                    • Instruction Fuzzy Hash: 58710A70A0020A9FDB54DFA9D990AAEBBF6FF88304F14C569D419EB354DB30E946CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 04c13f6edcdbc5d6d256ea3ab4a0ac8009b6683953675691ace3792993fd280e
                                                                    • Instruction ID: aa6d7917de7b4a4fa22d00075c44444bfd482cfa925e8bab04f6b438e48cf2bf
                                                                    • Opcode Fuzzy Hash: 04c13f6edcdbc5d6d256ea3ab4a0ac8009b6683953675691ace3792993fd280e
                                                                    • Instruction Fuzzy Hash: 8A51B131E0020ADFCF28AF79E4946ADB7B2FF84319F10886DE12AD7250DB359955CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3f9e56d02da5da520dd17f35dd6944f7ea165e8761772e4ffd6ca1ea0f3ae6a6
                                                                    • Instruction ID: 6193349997fc216821920e9f48688c34157039659af105021c2d2f4dd5d9be5f
                                                                    • Opcode Fuzzy Hash: 3f9e56d02da5da520dd17f35dd6944f7ea165e8761772e4ffd6ca1ea0f3ae6a6
                                                                    • Instruction Fuzzy Hash: FF51D870B103069FEF646B6CE86477F365EDB89304F10492EE41AD7399CA79CD4583A2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e68cbaca667639ef50abd7145004c0129abfa07987e8ac30ab2747f3e237a46d
                                                                    • Instruction ID: aa7ed84bda4c43a13c990c358559595c70c1cf0e513376b748b5678d20a0faea
                                                                    • Opcode Fuzzy Hash: e68cbaca667639ef50abd7145004c0129abfa07987e8ac30ab2747f3e237a46d
                                                                    • Instruction Fuzzy Hash: E251E970B103069FEF646A6CE86477F365FD789304F10492EE41AC7399CA78CD4683A2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 67c2dea4683995fcebb272722ac1bb58e002a5c68b78d2ff38c19d043041db15
                                                                    • Instruction ID: 36e3f2d37c88be083d8634467bc8a48a77822306bdf167d0d370d51823188c66
                                                                    • Opcode Fuzzy Hash: 67c2dea4683995fcebb272722ac1bb58e002a5c68b78d2ff38c19d043041db15
                                                                    • Instruction Fuzzy Hash: C6413F71E0070A8FDF60CEA9D880AAFFBB6FB84314F50892AD11AD7650D731E9558B91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6472beb1e3f8747fa3894e7e0b52842e92d87959b1b89fe5713323795e6c1c17
                                                                    • Instruction ID: e73affe79033948a26bce6afa302aa372a90fef303244dcee341669b9c5726e9
                                                                    • Opcode Fuzzy Hash: 6472beb1e3f8747fa3894e7e0b52842e92d87959b1b89fe5713323795e6c1c17
                                                                    • Instruction Fuzzy Hash: 16411372E003899FDB10DFA9D8607DEBBF0EB48314F00816AE419EB290D3349905CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3879f1a16623e79275b33a57409c648f37f02613a9b8972991a61d4db40458c4
                                                                    • Instruction ID: 01d7f9acf93b371aac3f5ecc74320c3a7abccf0286c62818629d76cbf3d75f2c
                                                                    • Opcode Fuzzy Hash: 3879f1a16623e79275b33a57409c648f37f02613a9b8972991a61d4db40458c4
                                                                    • Instruction Fuzzy Hash: 9A317030A1031B8FCF28DF69D590A9EB7B6FF85308F108929D406AB654EB70E946CB41
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3d1cd4d42c84a94d8b2dae4179a1dadceaf4eaf33fada5211bb30f5bbc1f71ad
                                                                    • Instruction ID: 4967a9fea22e3b0d5fd4a82ee80007da28dfeb4aa4fe3958596f9846a7cdf013
                                                                    • Opcode Fuzzy Hash: 3d1cd4d42c84a94d8b2dae4179a1dadceaf4eaf33fada5211bb30f5bbc1f71ad
                                                                    • Instruction Fuzzy Hash: A1319071E007069BCF608EA9C8C1AAFBBB6FB84314F50892AD11AD7650C730E9558B91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d733b6fbb7e568dac524699d7cf8b09e9b43178b68f91ad9f14153c5622b7bad
                                                                    • Instruction ID: 694cfdef272a0f2b0bc5f14e838cbb6b29b56f5f1284bff2c32606089b141e85
                                                                    • Opcode Fuzzy Hash: d733b6fbb7e568dac524699d7cf8b09e9b43178b68f91ad9f14153c5622b7bad
                                                                    • Instruction Fuzzy Hash: 4C31E331E112199BCB18BBB8E4481AEBBB6FF84319F10887DE41A97250CF359859C7D1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6d896bf1f1bcdab7285a8a98a0d6ee312f02ef116b9b4c1ee9193f9f3e873689
                                                                    • Instruction ID: 755370726ccd1a3d83d185bffbe03d1bbf802f0b5c6c5a6320e8e003a9adbeba
                                                                    • Opcode Fuzzy Hash: 6d896bf1f1bcdab7285a8a98a0d6ee312f02ef116b9b4c1ee9193f9f3e873689
                                                                    • Instruction Fuzzy Hash: F3318030E1021A8BCF19CF64D4946AEBBB2AF89304F14C919E916A7350DB35ED46CB40
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1926c928dd5eb4b65aefac36f59650ecef0d3b5a0e7bc6a312307fde860e2c4a
                                                                    • Instruction ID: 3f2c1da197c53bf733f18577d3a91e281b36d5410055c5ea1907cf422324f9ab
                                                                    • Opcode Fuzzy Hash: 1926c928dd5eb4b65aefac36f59650ecef0d3b5a0e7bc6a312307fde860e2c4a
                                                                    • Instruction Fuzzy Hash: 40316230E1071B8FCF68DF69D590A9EB7B6FF85308F108929D406AB654DB70E946CB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e4b37d52216511adc4582ff136ff4ec78beee02c55588706f0c38f0addd20b79
                                                                    • Instruction ID: e00772f984881904d7b7780a7f39089f218158ca1e33e25fd5ee9f95adc93e7a
                                                                    • Opcode Fuzzy Hash: e4b37d52216511adc4582ff136ff4ec78beee02c55588706f0c38f0addd20b79
                                                                    • Instruction Fuzzy Hash: B3318F30E1022A9BCF19CF65D8946AEB7B2FF89304F148829E906E7350DB35ED42CB40
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2ed5e678c626761ed17f70870780686ed866dc4e426824b965ecd8d9cbe61df4
                                                                    • Instruction ID: 8072dac4d987dc5afaf345b0bb350134c56f9acfb93dfe2dda701ec305602def
                                                                    • Opcode Fuzzy Hash: 2ed5e678c626761ed17f70870780686ed866dc4e426824b965ecd8d9cbe61df4
                                                                    • Instruction Fuzzy Hash: F8218E75F1025A9FDB50DFA9D8A0AAEB7F5EB88314F104069E909EB380E731DD018B91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4471998823.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_137d000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: edd56beee07ed060d6865f746bfe10cbfba379763b59d5a71e121584bcc2fd35
                                                                    • Instruction ID: 77b0f039c0168e38fca1ca81ed978bee481adf5a2c8d6c4b4f3b79a328f691c0
                                                                    • Opcode Fuzzy Hash: edd56beee07ed060d6865f746bfe10cbfba379763b59d5a71e121584bcc2fd35
                                                                    • Instruction Fuzzy Hash: 4221F271504204DFDB26DFA8D980F26BBA9FF84318F24C56DD94A4B256C33ED446CA62
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4471998823.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_137d000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5953b6d880f871455804290900ed82e1ade5e748b84d8cc4394c3f206e87623c
                                                                    • Instruction ID: 4ac2a7eb21259eecfccefe598a4332a1658c6d06427902be4245220d5e4d2f4c
                                                                    • Opcode Fuzzy Hash: 5953b6d880f871455804290900ed82e1ade5e748b84d8cc4394c3f206e87623c
                                                                    • Instruction Fuzzy Hash: 48210471504204DFDB25DF98D984B26BB69FF84338F24C56DE9490B246C37ED407CAA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4471998823.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_137d000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cf17d5b474692bdcc2d464fc7eb89176e25efe91025135f308055f394e5191c3
                                                                    • Instruction ID: 25792c3f7f46085db4fd49fbbef1f77383f9d2f1e407de4e56c3047722e0d05c
                                                                    • Opcode Fuzzy Hash: cf17d5b474692bdcc2d464fc7eb89176e25efe91025135f308055f394e5191c3
                                                                    • Instruction Fuzzy Hash: AB2125B1600204DFDB15DF58D5C0B26BFA9FF88318F20C56DD9095B256C73EE406CA61
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4471998823.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_137d000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0fa26a7ad31f16ae2d12d248a89ac56817e09d65f393a4987d47f88f58d6acfb
                                                                    • Instruction ID: 542d66a5e19a7fe474858e151a249ac3b5d121b6c17bcf6d50149e4910d3d430
                                                                    • Opcode Fuzzy Hash: 0fa26a7ad31f16ae2d12d248a89ac56817e09d65f393a4987d47f88f58d6acfb
                                                                    • Instruction Fuzzy Hash: BC216B755093C08FDB13CF64D994711BF71AF46214F29C5EBD8898F2A7C23A980ACB62
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4471998823.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_137d000_Packing List PDF.jbxd
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-2843079600
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-1273862796
                                                                    • Opcode ID: c10110ba86148d8769d1e68488e8670f5c4dc2fd54f77150344b38a8e5e3760b
                                                                    • Instruction ID: 42b0bbfc6cfd9ef6c26f4c3341135c29375201b35ef240122d11fb16f2eae8c9
                                                                    • Opcode Fuzzy Hash: c10110ba86148d8769d1e68488e8670f5c4dc2fd54f77150344b38a8e5e3760b
                                                                    • Instruction Fuzzy Hash: A3916230A0030ADFEB68EFA9D694B6EB7F6BF84308F108529D4419B294DB759D45CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: .5uq$$]q$$]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-981061697
                                                                    • Opcode ID: aefa6d104b11d5ee7b567a5c12cb1e5ba75ace8effd7e18ceceb33c341a8c8bc
                                                                    • Instruction ID: 1e456fc5524c1b362ce0957f1735719886bfd8dff59a40452a57d4e393e5e2a1
                                                                    • Opcode Fuzzy Hash: aefa6d104b11d5ee7b567a5c12cb1e5ba75ace8effd7e18ceceb33c341a8c8bc
                                                                    • Instruction Fuzzy Hash: 0AF15134B0130ACFDB58EF65D5A4A6EB7B6BF84304F248568D4069B398CB35EC42CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q
                                                                    • API String ID: 0-858218434
                                                                    • Opcode ID: 5a03b129155cf222432a9d8cdcea8499fed646d0dd9dc89f41505e962834af0d
                                                                    • Instruction ID: fff0eea2bfb2cf765168560d9eb3de8d14320a507855e9e9ad4a22c19885e99c
                                                                    • Opcode Fuzzy Hash: 5a03b129155cf222432a9d8cdcea8499fed646d0dd9dc89f41505e962834af0d
                                                                    • Instruction Fuzzy Hash: 41B14C30A1130A8FDB58DF68D594A9EB7B6BF84308F248829D406DB354DB35DD86CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: LR]q$LR]q$$]q$$]q
                                                                    • API String ID: 0-3527005858
                                                                    • Opcode ID: f9ad5a7f3dea6a8fa35d5bc7f5d4b7672ad6b7df547d271b6a6573d7866d6528
                                                                    • Instruction ID: ac27a4cdba0d70d1a396192bf88aa3ab4150ef9d5e7353028e47b77acf7d7d86
                                                                    • Opcode Fuzzy Hash: f9ad5a7f3dea6a8fa35d5bc7f5d4b7672ad6b7df547d271b6a6573d7866d6528
                                                                    • Instruction Fuzzy Hash: 0A51B330B013069FDB58EF29D950A6E77F6FF84308F148969E4069B3A9DA30ED45CB51
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.4521311109.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_6ca0000_Packing List PDF.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q
                                                                    • API String ID: 0-858218434
                                                                    • Opcode ID: 490fb97bc4667b86c14f72f449c9427341ec420cc8bf0da2cf438a806811f243
                                                                    • Instruction ID: ab39f9da0944e93d9fc757d9064e23ed49dc086e961396158e7b1c15fc1f317a
                                                                    • Opcode Fuzzy Hash: 490fb97bc4667b86c14f72f449c9427341ec420cc8bf0da2cf438a806811f243
                                                                    • Instruction Fuzzy Hash: F9516D30E1030A9FDF69DBA4E590AADB7B6FB85308F148529E806DB354DB35DD41CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Execution Graph

                                                                    Execution Coverage:9.4%
                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:151
                                                                    Total number of Limit Nodes:2

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: &IH3$4']q$TJbq$Te]q$paq$xb`q
                                                                    • API String ID: 0-2481757060
                                                                    • Opcode ID: e06433c9f1665764975678f08342737a5059a1ee648c867b817f1a2470fe549a
                                                                    • Instruction ID: eb657ee0522d04181743c6124867d634202324cc38a74d20190d8c20aacbbcf8
                                                                    • Opcode Fuzzy Hash: e06433c9f1665764975678f08342737a5059a1ee648c867b817f1a2470fe549a
                                                                    • Instruction Fuzzy Hash: 1BB2D074A00229CFCB65CF69C984AD9BBB2FF89304F1581E9D509AB325DB319E91CF40
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: TJbq$Te]q$xb`q
                                                                    • API String ID: 0-1930611328
                                                                    • Opcode ID: 645b363ef14747641b35de4a1faaedbab1e8366e71e64ff68958534322f8440d
                                                                    • Instruction ID: 80137deb36914b1b3f3195336c7a247fb68a5c288e0e1f6ab398d4a4035442e0
                                                                    • Opcode Fuzzy Hash: 645b363ef14747641b35de4a1faaedbab1e8366e71e64ff68958534322f8440d
                                                                    • Instruction Fuzzy Hash: ABC174B5E016188FDB58CF6AC984ADDBBF2BF89300F14C1A9D509AB364DB305A85CF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Te]q$Te]q$)"
                                                                    • API String ID: 0-1081650559
                                                                    • Opcode ID: 830d09f180743e1674930cd50b42a5112ca8fa921d9dcdc779679b29ebae573e
                                                                    • Instruction ID: 13b0916196a5cefa76ad84e35f7260619856d60338bb3da88f2a8ab1dc2beb2a
                                                                    • Opcode Fuzzy Hash: 830d09f180743e1674930cd50b42a5112ca8fa921d9dcdc779679b29ebae573e
                                                                    • Instruction Fuzzy Hash: 5781C3B4E102098FDB08CFEAC984A9EFBB2FF89310F14842AD515AB364D7749946CF54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 7Z/t$RWIK$[[bb
                                                                    • API String ID: 0-1157992699
                                                                    • Opcode ID: 47105303215d13022b41f6ee75315f6431e872263f5c3dbbdfd594ac23734bda
                                                                    • Instruction ID: b4fdf8dfea54e7abea3ec0e9560d0a99e45a987a8d35a5c87fcf39070613adf6
                                                                    • Opcode Fuzzy Hash: 47105303215d13022b41f6ee75315f6431e872263f5c3dbbdfd594ac23734bda
                                                                    • Instruction Fuzzy Hash: 2F512AB0E1520A8FCB08CFAAC5415AEFBF2FF89350F14D52AD516A7364D7748A428F94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: tIh
                                                                    • API String ID: 0-443931868
                                                                    • Opcode ID: f6c53cc64ac60fab4893e7497e37a2dcd49dcd3faf9d1852cb6cd3dace92894c
                                                                    • Instruction ID: 0839c33699d72bc565e3cecf8dbc1cb5749a6b79d4baec831f943fb69fe071b1
                                                                    • Opcode Fuzzy Hash: f6c53cc64ac60fab4893e7497e37a2dcd49dcd3faf9d1852cb6cd3dace92894c
                                                                    • Instruction Fuzzy Hash: 8FD146B4E1020ADFCB04CF99D6848AEFBB2FF89341B209559D515AB355DB34EA42CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ee7b07279c906c0afd9c433606e43411d83d8ad7430f86920a6ed3f14e1f831f
                                                                    • Instruction ID: 0ed08115e9c924299b80a5367860413447566401b874c2edb2214a8c705e2107
                                                                    • Opcode Fuzzy Hash: ee7b07279c906c0afd9c433606e43411d83d8ad7430f86920a6ed3f14e1f831f
                                                                    • Instruction Fuzzy Hash: 57420074721211CFCB299BB8C45866D7BF6BF9A205F20887EE506DB364DE36AC41DB40
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4ae742bad29b92a61ace69017368cd2a5c73b3495a81030506e4a259e75fadad
                                                                    • Instruction ID: 8ba433e3b040955a99a6378102a1f784dc65d397378fd29d02e20f4ae53023b8
                                                                    • Opcode Fuzzy Hash: 4ae742bad29b92a61ace69017368cd2a5c73b3495a81030506e4a259e75fadad
                                                                    • Instruction Fuzzy Hash: 65524C74A003068FCB14DF68C844B99B7B2FF85314F2586A9D5586F3A1DBB1AD86CF81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 762231f58e38083b44925188538fd3aa01bb9dc3fb3ed017708c51cfbb6f8be7
                                                                    • Instruction ID: f403cc7af31530f31249f66fdffb6078394d104938e429e6ee928002435eee56
                                                                    • Opcode Fuzzy Hash: 762231f58e38083b44925188538fd3aa01bb9dc3fb3ed017708c51cfbb6f8be7
                                                                    • Instruction Fuzzy Hash: 2C524B74A003068FCB14DF68C844B99B7B2FF85314F2586A9D5586F3A1DBB1AD86CF81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c7161995c56d9c64e7e2e19e8aa80c1d42ea7fad549aa6e34f44a6de899bd334
                                                                    • Instruction ID: 6dd3ff5a6c907ca0e6368043634afe556ad5b4f177b050a6fdb775f838cd84db
                                                                    • Opcode Fuzzy Hash: c7161995c56d9c64e7e2e19e8aa80c1d42ea7fad549aa6e34f44a6de899bd334
                                                                    • Instruction Fuzzy Hash: 4B224070A10219CFCB15DF68D884A9DBBB6FF85310F15C5A5D409AB226DB30ED86CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9cc236ced94c49f771acd37301713976433c5a397e57233ec4f57f649ec5b3c7
                                                                    • Instruction ID: 4f90b4653094e81777142048ca9cf07ae37fb0bd96bd79a6a0b5a61360b20522
                                                                    • Opcode Fuzzy Hash: 9cc236ced94c49f771acd37301713976433c5a397e57233ec4f57f649ec5b3c7
                                                                    • Instruction Fuzzy Hash: 022109B1E016188BDB18CF9BC8542DEFBF3AFC8350F14C06AD409AA258DB701A56CF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 71f9896e1c1c49665f27b34c4d259d16e3ed1a9212a417166af660ceafc9e0dd
                                                                    • Instruction ID: de9745395c2351a7bef751477c93bad083e976af149d87f0ceed7573434e1e2c
                                                                    • Opcode Fuzzy Hash: 71f9896e1c1c49665f27b34c4d259d16e3ed1a9212a417166af660ceafc9e0dd
                                                                    • Instruction Fuzzy Hash: 8321FAB1E016588BDB18CFABC9452DEBFF3AFC8301F14C16AD409AA268DA7409468F50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cb2ff37bc46c85cfe873f097b0da2f0ac005a5b209f095e9003b208af467f3e1
                                                                    • Instruction ID: f0cfc06db24c623f8f9e2b130dfe8b1bc828913f43bddcd11505e791110fa91b
                                                                    • Opcode Fuzzy Hash: cb2ff37bc46c85cfe873f097b0da2f0ac005a5b209f095e9003b208af467f3e1
                                                                    • Instruction Fuzzy Hash: 7B111CB1E156588BEB19CFABC90439EBAF7AFC9300F04C07AC519AB358EB3408458F40
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1057737f79b8e74a713a852c8fc9c14acd5b222d9208f1dad200da017573c95f
                                                                    • Instruction ID: dab4130b06a0b880c609e6af1c0b0f863ad27e87ba71e464aad709e9b1a1c83e
                                                                    • Opcode Fuzzy Hash: 1057737f79b8e74a713a852c8fc9c14acd5b222d9208f1dad200da017573c95f
                                                                    • Instruction Fuzzy Hash: 6711FEB1E156598BEB1CCFABC90429EBAF7AFC9300F04C079C519AB358EB3419458F50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q
                                                                    • API String ID: 0-858218434
                                                                    • Opcode ID: eb92ecb23af0e6863b5e18c765ce4241bc922a759b7168dd37e13c6d62803211
                                                                    • Instruction ID: 78735b07700d6d2e9f010ec078bb6541817c82e63ebc0bd430aa8af0375cb0ca
                                                                    • Opcode Fuzzy Hash: eb92ecb23af0e6863b5e18c765ce4241bc922a759b7168dd37e13c6d62803211
                                                                    • Instruction Fuzzy Hash: 5441C674A00218CFDB69DFA4C990B9ABBB6FF49300F1084D5D949AB355DB345E81CF52
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Haq$Haq
                                                                    • API String ID: 0-4016896955
                                                                    • Opcode ID: 2a41ed5d1b4f94ebac42d5d8649e29e8448492d9d08dd28e917a01b561964911
                                                                    • Instruction ID: c527580856ac018f7c86cb80e759b904e50854969a9e2202ff80e6751f723268
                                                                    • Opcode Fuzzy Hash: 2a41ed5d1b4f94ebac42d5d8649e29e8448492d9d08dd28e917a01b561964911
                                                                    • Instruction Fuzzy Hash: 8BA1BDB0F0060A8FCB15DFA9C8449AEBBF2FF89350F5684A9E515E7250DB309D45CB92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (aq$Haq
                                                                    • API String ID: 0-3785302501
                                                                    • Opcode ID: 4a713bce7d459bb8beaa2f612b13d3f8b100d4f891cd0d45b101aacc85097930
                                                                    • Instruction ID: df43ef66628998316c2e0126f94c8b318550c0305568ca30487147f390259fdc
                                                                    • Opcode Fuzzy Hash: 4a713bce7d459bb8beaa2f612b13d3f8b100d4f891cd0d45b101aacc85097930
                                                                    • Instruction Fuzzy Hash: E681B170B052099FCB19DFACC8949AEBFF6BFC5310F148469E805AB391DB348905DB98
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Haq$Haq
                                                                    • API String ID: 0-4016896955
                                                                    • Opcode ID: 2456e6fee76dde44af99d3a00177a7fbad6e21bdeea07a5f070d0d3a461f78bd
                                                                    • Instruction ID: 618ac6a409ed9739a8326e3e697fa9fe28571117bc1b5452e6093b1c8d620289
                                                                    • Opcode Fuzzy Hash: 2456e6fee76dde44af99d3a00177a7fbad6e21bdeea07a5f070d0d3a461f78bd
                                                                    • Instruction Fuzzy Hash: D9818D71E003199FCF08DFA9C894AEEBBF6BF89300F14816AD409AB350DB749905CB95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Haq$Haq
                                                                    • API String ID: 0-4016896955
                                                                    • Opcode ID: 33f4ccd3f82e50db79e0c785911a019c44c3df55bc7c168152f37bcae028cafe
                                                                    • Instruction ID: 29185c10bea127e9de656ca58e05e9e7208449caba59cbbde274c282b176164a
                                                                    • Opcode Fuzzy Hash: 33f4ccd3f82e50db79e0c785911a019c44c3df55bc7c168152f37bcae028cafe
                                                                    • Instruction Fuzzy Hash: 35715C74B002098FCB19EBA4C5949ADBBF2FF89350F2444A9D406EB3A5DB35DD01CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Haq$Haq
                                                                    • API String ID: 0-4016896955
                                                                    • Opcode ID: 884f03eadc5a0e4736b1b3923ac40842247f37fa9ff6cff931fa041624dd118a
                                                                    • Instruction ID: cf9a8615f521314160ffd308b811d43dfe2c9a53b2dcedb8a43b916a6ead2b05
                                                                    • Opcode Fuzzy Hash: 884f03eadc5a0e4736b1b3923ac40842247f37fa9ff6cff931fa041624dd118a
                                                                    • Instruction Fuzzy Hash: 70518D743006118FCB29EB78C85896EBBF6EF89750B1548A9E506CB365EF31DC06CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $
                                                                    • API String ID: 0-227171996
                                                                    • Opcode ID: 2ab715201a9df23db9086f5e1a9f26f43ffd47e62fa7c146e65440956407b3a8
                                                                    • Instruction ID: 9ec8900d8df4d488cd36436ca894524db5a02fb22591b0bf60cd5b2d5c721b26
                                                                    • Opcode Fuzzy Hash: 2ab715201a9df23db9086f5e1a9f26f43ffd47e62fa7c146e65440956407b3a8
                                                                    • Instruction Fuzzy Hash: 2171C135910701CFDB11DF2CD4D5A45B7B2FF85324B01C6A9E949AF22AEB75E889CB80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Te]q$Te]q
                                                                    • API String ID: 0-3320153681
                                                                    • Opcode ID: 0d3c2d1a1b03fe09c38961546aa8460b86509838412d045cf6561cf9542c01d9
                                                                    • Instruction ID: c5262883591cb647d590b2bb745f3c9cfb49ce6b030c91cdc151156cd7dbbf97
                                                                    • Opcode Fuzzy Hash: 0d3c2d1a1b03fe09c38961546aa8460b86509838412d045cf6561cf9542c01d9
                                                                    • Instruction Fuzzy Hash: B85147B4E18249CFDB60DFA8D984BAEBBF5FB49340F205469D50AAB380DB305981CF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $
                                                                    • API String ID: 0-227171996
                                                                    • Opcode ID: e593cf2be3981b33b1cfc64a97f3d09e0176d5277c811262d4bbf8edfb0c9e48
                                                                    • Instruction ID: 3650037df56b43cbbf7d26e17f38b58406627adadf4198cbef4cf0723009e3e2
                                                                    • Opcode Fuzzy Hash: e593cf2be3981b33b1cfc64a97f3d09e0176d5277c811262d4bbf8edfb0c9e48
                                                                    • Instruction Fuzzy Hash: F661BF35910601CFDB11DF2DD4D5A44B7B2FF85324B40C6A9E949AB32AEB75E889CB80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Te]q$Te]q
                                                                    • API String ID: 0-3320153681
                                                                    • Opcode ID: ca1f244dd441e99b6d87077bdf047dd00e4e4489db5fff485ab4f0de56c7198f
                                                                    • Instruction ID: 4e1901dcd3b7dbcd26c57885c0fe8833ef037ed6afd6ebfbbab594627ad43655
                                                                    • Opcode Fuzzy Hash: ca1f244dd441e99b6d87077bdf047dd00e4e4489db5fff485ab4f0de56c7198f
                                                                    • Instruction Fuzzy Hash: D05138B4A14249CFDB60DFA8D984BAEBBF5FB49340F205469D50AAB385DB305981CF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q
                                                                    • API String ID: 0-3120983240
                                                                    • Opcode ID: 441c3d3703af46643cf8a0f97ac76cf48eb7b92861a24850c914f3616c3f540d
                                                                    • Instruction ID: 5b9a91e618af677eb76e8c2bbedafc16ac57a450a385718a4eee2e71a615e5cb
                                                                    • Opcode Fuzzy Hash: 441c3d3703af46643cf8a0f97ac76cf48eb7b92861a24850c914f3616c3f540d
                                                                    • Instruction Fuzzy Hash: E0415D35D1170A9BDB14EFB9D840ADDB7B2FF95314F618A25E1087B250EB707985CB80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q
                                                                    • API String ID: 0-3120983240
                                                                    • Opcode ID: d68d552216b1c1de0b7287e9f7cf2678e57b8db032e86dd563cb0efb25000d7f
                                                                    • Instruction ID: 0862ce2bd6ef53c5d5bf3d09862342de1d39c46d35186a96259c2537ef5bdb81
                                                                    • Opcode Fuzzy Hash: d68d552216b1c1de0b7287e9f7cf2678e57b8db032e86dd563cb0efb25000d7f
                                                                    • Instruction Fuzzy Hash: 6D415B35D1070A9BDB14EFB9D840ADDB7B2FF95310F618A25E1087B250EB706985CB80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 3H5$3H5
                                                                    • API String ID: 0-2752242361
                                                                    • Opcode ID: b799b0428d7efab7c94a9d75b5935839352163670f0eba6af9efb34f086e5885
                                                                    • Instruction ID: f6cabaeef1aa18a4032da5c969737b59ba2cd102d2bb73a6c564093ecb2fb181
                                                                    • Opcode Fuzzy Hash: b799b0428d7efab7c94a9d75b5935839352163670f0eba6af9efb34f086e5885
                                                                    • Instruction Fuzzy Hash: F1211BB0D14219DFCB48CFAAD540AAEFBF5BF89300F14C5A9D518AB354EB309A45CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: [x-k^
                                                                    • API String ID: 0-2495396547
                                                                    • Opcode ID: 12b7db82782aecafee6b752ae128a43307be4817a43cc4c94c7dc8d4c259fb51
                                                                    • Instruction ID: 14b74c376e49c28455ec9fcd30461febcbab22f76899f61ca289657197feaf01
                                                                    • Opcode Fuzzy Hash: 12b7db82782aecafee6b752ae128a43307be4817a43cc4c94c7dc8d4c259fb51
                                                                    • Instruction Fuzzy Hash: 90620DF0D01B039BD7745F7485D87AE7AB1AB45384F114D9EE1FACA2A0EB7498818F42
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 074CFB5E
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2231029850.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_74c0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: CreateProcess
                                                                    • String ID:
                                                                    • API String ID: 963392458-0
                                                                    • Opcode ID: 0d8540d1d33e1a6e5cfb15527817ee0042fca7678524201ec909a3e72e7046a9
                                                                    • Instruction ID: 387674616715f8335e84682890409bfd839040a9e1feecd023a301b587114103
                                                                    • Opcode Fuzzy Hash: 0d8540d1d33e1a6e5cfb15527817ee0042fca7678524201ec909a3e72e7046a9
                                                                    • Instruction Fuzzy Hash: 23A17EB6D0021ADFDF64CF68C8417EEBBB2BF44310F1485AAD808A7250D7799985CF92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 074CFB5E
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2231029850.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_74c0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: CreateProcess
                                                                    • String ID:
                                                                    • API String ID: 963392458-0
                                                                    • Opcode ID: f3dd98bd1ff15e0c6b0d472ae7df94b5cffba659e79b1a08073946a3b158f48c
                                                                    • Instruction ID: 1eafa03110fc820b0a244bab0c71b7e3aac03d8dc60b851ff4784c818b864725
                                                                    • Opcode Fuzzy Hash: f3dd98bd1ff15e0c6b0d472ae7df94b5cffba659e79b1a08073946a3b158f48c
                                                                    • Instruction Fuzzy Hash: 75916EB6D0021ADFDF64CF68C8417EEBBB2BF44310F1485AAD808A7254D7799985CF92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: [x-k^
                                                                    • API String ID: 0-2495396547
                                                                    • Opcode ID: e52e9ac148ee01e65df9abc2033288addfcfc1a80ef12227a02598aef064010d
                                                                    • Instruction ID: a4d3ca4f224a491bddca0fef5b97ed38a7a8e7e850a2cee262e6bba7a48dfbaa
                                                                    • Opcode Fuzzy Hash: e52e9ac148ee01e65df9abc2033288addfcfc1a80ef12227a02598aef064010d
                                                                    • Instruction Fuzzy Hash: 99227EF0905B439BD7705F6486C8BDEB6B0AB06394F214DDBD0FACA261E73498858F46
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0177AF3E
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2224157714.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_1770000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: HandleModule
                                                                    • String ID:
                                                                    • API String ID: 4139908857-0
                                                                    • Opcode ID: be3a9fc6d79381dd58dd1e22e5d17db374763c2e1b27ed0ac10a074a39dac137
                                                                    • Instruction ID: 6e041ef90210c6aab155d8f53db06f87d0852e15e7b347aa56e6376906a9a2c1
                                                                    • Opcode Fuzzy Hash: be3a9fc6d79381dd58dd1e22e5d17db374763c2e1b27ed0ac10a074a39dac137
                                                                    • Instruction Fuzzy Hash: F2714270A00B058FEB25DF6AD44475ABBF5FF88300F048A2DD58ACBA54DB75E949CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateActCtxA.KERNEL32(?), ref: 017759A9
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2224157714.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_1770000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: Create
                                                                    • String ID:
                                                                    • API String ID: 2289755597-0
                                                                    • Opcode ID: 129e86f62ab39892c16011464bc517919f89fbc52086c4a759d9848905354427
                                                                    • Instruction ID: 8a83e3dfc6e403cc217c925cdd6827d60e909b82542656dcbef576d3404e41e0
                                                                    • Opcode Fuzzy Hash: 129e86f62ab39892c16011464bc517919f89fbc52086c4a759d9848905354427
                                                                    • Instruction Fuzzy Hash: CA41D0B1C00719CBDB24DFA9C884B9DFBB5BF49304F20806AD418AB255DB75694ACF91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateActCtxA.KERNEL32(?), ref: 017759A9
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2224157714.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_1770000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: Create
                                                                    • String ID:
                                                                    • API String ID: 2289755597-0
                                                                    • Opcode ID: 8e7792852dbd8461307282cdf108e709511a4696a63d8535685f0e005f81d404
                                                                    • Instruction ID: 152043ec2ae87422d4e02728c713a41f56fb61846c90bcdd00a706405117cfb4
                                                                    • Opcode Fuzzy Hash: 8e7792852dbd8461307282cdf108e709511a4696a63d8535685f0e005f81d404
                                                                    • Instruction Fuzzy Hash: 1141F1B1C00719CEDB24DFA9C884B9DFBB5BF89304F20806AD408AB250DB75694ACF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 056B4111
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229235227.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_56b0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: CallProcWindow
                                                                    • String ID:
                                                                    • API String ID: 2714655100-0
                                                                    • Opcode ID: 9e0c982b93fc4a672b249bd8ae42b6a4791ab07448b9b70b77b65746f0ad5bb2
                                                                    • Instruction ID: c3f23606d21d63c0bcc7147d75ad851ae610ac9684c087c777d4837d01ada98c
                                                                    • Opcode Fuzzy Hash: 9e0c982b93fc4a672b249bd8ae42b6a4791ab07448b9b70b77b65746f0ad5bb2
                                                                    • Instruction Fuzzy Hash: 094138B4900209CFDB14CF89C888AAAFBF6FF98314F24C459D519A7322D774A841CFA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 074CF730
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2231029850.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_74c0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: MemoryProcessWrite
                                                                    • String ID:
                                                                    • API String ID: 3559483778-0
                                                                    • Opcode ID: ad2c93f841710c05f8f7955fa07dd36dc0f21e2d1930f9a409578fd6ffb6a7b7
                                                                    • Instruction ID: d42322bbd360f991c0ff59eb4fddcada042c64358c006d10c3c0f7b31de7ee27
                                                                    • Opcode Fuzzy Hash: ad2c93f841710c05f8f7955fa07dd36dc0f21e2d1930f9a409578fd6ffb6a7b7
                                                                    • Instruction Fuzzy Hash: 9D2137B69003499FCB10DFA9C885BEEBBF5FF48314F10842AE519A7240C7799945CBA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 074CF730
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2231029850.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_74c0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: MemoryProcessWrite
                                                                    • String ID:
                                                                    • API String ID: 3559483778-0
                                                                    • Opcode ID: 0163c0aff4e155c5acf8beb135913aa727f085db8cacd5fb5dca195a25b7f25c
                                                                    • Instruction ID: 3fe513add03821328737ca48432b19993e26892445df0364621e4393a30a5a85
                                                                    • Opcode Fuzzy Hash: 0163c0aff4e155c5acf8beb135913aa727f085db8cacd5fb5dca195a25b7f25c
                                                                    • Instruction Fuzzy Hash: B82107B69013599FCB10DFA9C885BEEBBF5FF48310F10842AE919A7250C7789945CFA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0177D586,?,?,?,?,?), ref: 0177D647
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2224157714.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_1770000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: DuplicateHandle
                                                                    • String ID:
                                                                    • API String ID: 3793708945-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 074CF810
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2231029850.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_74c0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: MemoryProcessRead
                                                                    • String ID:
                                                                    • API String ID: 1726664587-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 074CF586
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2231029850.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_74c0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: ContextThreadWow64
                                                                    • String ID:
                                                                    • API String ID: 983334009-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0177D586,?,?,?,?,?), ref: 0177D647
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2224157714.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_1770000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: DuplicateHandle
                                                                    • String ID:
                                                                    • API String ID: 3793708945-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 074CF810
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2231029850.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_74c0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: MemoryProcessRead
                                                                    • String ID:
                                                                    • API String ID: 1726664587-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 074CF586
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2231029850.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_74c0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: ContextThreadWow64
                                                                    • String ID:
                                                                    • API String ID: 983334009-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2231029850.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_74c0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: ResumeThread
                                                                    • String ID:
                                                                    • API String ID: 947044025-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0177AFB9,00000800,00000000,00000000), ref: 0177B1CA
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2224157714.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_1770000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0177AFB9,00000800,00000000,00000000), ref: 0177B1CA
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2224157714.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_1770000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 074CF64E
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2231029850.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_74c0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 074CF64E
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2231029850.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_74c0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2231029850.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_74c0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: ResumeThread
                                                                    • String ID:
                                                                    • API String ID: 947044025-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0177AF3E
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2224157714.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_1770000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: HandleModule
                                                                    • String ID:
                                                                    • API String ID: 4139908857-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Haq
                                                                    • API String ID: 0-725504367
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Haq
                                                                    • API String ID: 0-725504367
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Haq
                                                                    • API String ID: 0-725504367
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 8aq
                                                                    • API String ID: 0-538729646
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 8aq
                                                                    • API String ID: 0-538729646
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q
                                                                    • API String ID: 0-1259897404
                                                                    • Opcode ID: dc30c06610a64468628e56ec83c151c35faa98f06309db07dfda9ae6ce96710d
                                                                    • Instruction ID: 4d2bd7c07bb29edc524d489d2cf67419b2a5b578e595be1f1e2642090aeedec7
                                                                    • Opcode Fuzzy Hash: dc30c06610a64468628e56ec83c151c35faa98f06309db07dfda9ae6ce96710d
                                                                    • Instruction Fuzzy Hash: 3C11E0B0A143899FCB1ADB78E84948C7FF4FB82100F1041E9DC419B3A2EB341D09DB42
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (aq
                                                                    • API String ID: 0-600464949
                                                                    • Opcode ID: d17a3dad407f2475486a2b2076af573c1d0ed86ad180d1cfa2f5f92f2dcda31a
                                                                    • Instruction ID: f10229331cdf1c659658d9ee2665e97d932e5c0e2cdbc59f28cec56d4be066b0
                                                                    • Opcode Fuzzy Hash: d17a3dad407f2475486a2b2076af573c1d0ed86ad180d1cfa2f5f92f2dcda31a
                                                                    • Instruction Fuzzy Hash: 80019E31E1421B8FCB40DFB888151EEBFB2BF96211B108466D509B7241EB301A068B91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q
                                                                    • API String ID: 0-1259897404
                                                                    • Opcode ID: e90dc9bd3f2fb1b1753e7d2050f4442d43ed2bfc2f082f5e28839809c535c82d
                                                                    • Instruction ID: d9f463186c9156da5102c692eacae8e15922173711ecfea90ac3484a4a277f7d
                                                                    • Opcode Fuzzy Hash: e90dc9bd3f2fb1b1753e7d2050f4442d43ed2bfc2f082f5e28839809c535c82d
                                                                    • Instruction Fuzzy Hash: 2701BCB0A11209EFCB59EFB8E55949CBFB9FB81200B1080A9DC059B3A0EF345E49CB51
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q
                                                                    • API String ID: 0-1259897404
                                                                    • Opcode ID: 78c488fd5bc8c6a0fd8e113ec1a63705ad8253d95835d22a16f2a4705caf606b
                                                                    • Instruction ID: 52710ab0966c7ab2c256ce6bbe05b88e6741a0d88d030bd0d845a21090e67df9
                                                                    • Opcode Fuzzy Hash: 78c488fd5bc8c6a0fd8e113ec1a63705ad8253d95835d22a16f2a4705caf606b
                                                                    • Instruction Fuzzy Hash: D8F08C70A1120ADFCB48EFB8E55589CBFF8FB84200B2081A9D8059B360EF345E48DB41
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c34385975f998ff1f524b8a6fb9b07e0d68ec84b2513341c7518c2c61443b377
                                                                    • Instruction ID: 054988ce5dde03c449699418fecbf8d91446a7526e70824366e8c3fb5a30a6d2
                                                                    • Opcode Fuzzy Hash: c34385975f998ff1f524b8a6fb9b07e0d68ec84b2513341c7518c2c61443b377
                                                                    • Instruction Fuzzy Hash: E8723331910609CFDB15EF78C858AADB7B1FF45314F048299D549AB265EF30AACACF81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 34cf2b100c8d524cfaa482ea33847790d9852b8af2ba6a3a6159b7a7543b92c8
                                                                    • Instruction ID: 6756c5665afca0ec75d304e7ae85ee885e36b86ddedfa86e87ec946027b9af32
                                                                    • Opcode Fuzzy Hash: 34cf2b100c8d524cfaa482ea33847790d9852b8af2ba6a3a6159b7a7543b92c8
                                                                    • Instruction Fuzzy Hash: 3E42E831E10619CBCB24DF68C8946EDF7B1FF89304F108699D859BB261EB70AA85CF45
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fd37b309955c72edd8fbbbf4522e9dea41f5aa142ef26db6ce501e838394dcac
                                                                    • Instruction ID: 67066cffac295e9528b7740c6cd010aef85547deeb94969179bc1ff8c55bd199
                                                                    • Opcode Fuzzy Hash: fd37b309955c72edd8fbbbf4522e9dea41f5aa142ef26db6ce501e838394dcac
                                                                    • Instruction Fuzzy Hash: 79221934A10215CFCB24DF68C898B9DB7B2FF89304F1485A8D80AAB365DB71AD45DF54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 61883530666cb1e09c50d8c028da8f9ffa1fe1edc22c739372dd3f138fad3c64
                                                                    • Instruction ID: fb44dd585e9070b9654f82ac2ea7aa03b463b5cad052577d2efc8e1f19fcd2a1
                                                                    • Opcode Fuzzy Hash: 61883530666cb1e09c50d8c028da8f9ffa1fe1edc22c739372dd3f138fad3c64
                                                                    • Instruction Fuzzy Hash: 53121F319006198FDB15DF68C898A9DB7B1FF45314F048199D94AAB259EF30AECACF81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cfdf1592e50f0d915ffe3643d1a43d2c8a8df4db8bca9ad039ec1cfd979fd898
                                                                    • Instruction ID: da8cedc1beeff8407b34f9eec95bc08b65ba80b60100c23b530981cb3f65fb6f
                                                                    • Opcode Fuzzy Hash: cfdf1592e50f0d915ffe3643d1a43d2c8a8df4db8bca9ad039ec1cfd979fd898
                                                                    • Instruction Fuzzy Hash: 6E023170A10219CFCB15DF68D894A9DBBB2FF89310F1585A5D409AB366DB30ED86CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 497b2e5b914c668f14e60b8d99339f54dd61d1ae7e3f7e5d4dfaea5686ee7e9d
                                                                    • Instruction ID: 3e73fa416cc484bfe6fa8c01965570a9c12db3a3403392c032e4d32efc59b4c7
                                                                    • Opcode Fuzzy Hash: 497b2e5b914c668f14e60b8d99339f54dd61d1ae7e3f7e5d4dfaea5686ee7e9d
                                                                    • Instruction Fuzzy Hash: D8F1F5B4A0060ADFCB14CFA9C9849AEB7F2FF48350F518565E819EB265D730ED51CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f9f1d836c174d427da17b82b138c4ac6fdc69d268a3e5408128c2ae99b201d40
                                                                    • Instruction ID: 9170b5e03516a6dd0b099fd1ac4c72602dcdf28a96764d8a74211e29deec4135
                                                                    • Opcode Fuzzy Hash: f9f1d836c174d427da17b82b138c4ac6fdc69d268a3e5408128c2ae99b201d40
                                                                    • Instruction Fuzzy Hash: 29E124B4B21601CFCB2A9F74C45866D7BF6BF9A241F1058AEE406DB360DB72AC41DB11
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cad70000c5af2d2edc7cfcef0142471d548824edc030ce1290aafbf883d9bd45
                                                                    • Instruction ID: 70bae32994e42fdd9cf7a9cd68614f2b17fdcd94a543188e08c68ffbc7654705
                                                                    • Opcode Fuzzy Hash: cad70000c5af2d2edc7cfcef0142471d548824edc030ce1290aafbf883d9bd45
                                                                    • Instruction Fuzzy Hash: B9E123B4B21201CFCB2A9F74C45866D7BF6BF9A241F1058AEE406DB360DB72AC41DB11
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5be6e29aa7dc2417ad830bba3ee342af2b9b78fb3fba4a03e1670a99f241de1d
                                                                    • Instruction ID: d7ed6db142a721eb47961c63df34a5489b50fe4949f7e0f7c33bd62587cd6986
                                                                    • Opcode Fuzzy Hash: 5be6e29aa7dc2417ad830bba3ee342af2b9b78fb3fba4a03e1670a99f241de1d
                                                                    • Instruction Fuzzy Hash: 6CC1DFB1A04206CFC716CF68C88496ABBF5FF85350B15896AD445CB652DB30EC8BCBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7e064372e4e0d84d990818993e1bc794af918ae1c51959dbd4f02a9ed54d6f0f
                                                                    • Instruction ID: d17e1e9e2ebe2e00d67a9f74b543b62b62c43a30db6a929fda5e0ee2bdf02434
                                                                    • Opcode Fuzzy Hash: 7e064372e4e0d84d990818993e1bc794af918ae1c51959dbd4f02a9ed54d6f0f
                                                                    • Instruction Fuzzy Hash: 06F1E971D1061A8FCF10DFA4C8546EDB7B5FF49300F1186AAE509B7255EB70AA89CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: be3b82db75aac6000901fe7a4a189be3faac8972c8cc01c3a23a9d745efd0335
                                                                    • Instruction ID: bbcb6992f3d042c1930facd604069f1ef6041ff207c1c9868858ce425b545d25
                                                                    • Opcode Fuzzy Hash: be3b82db75aac6000901fe7a4a189be3faac8972c8cc01c3a23a9d745efd0335
                                                                    • Instruction Fuzzy Hash: D4F1B871D1061ACBCF10DFA8C854AEDB7B5FF49300F1186A9E559B7214EB70AA89CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: df27a80679d5f5fc89bb6b1d73fe7ed9e190afe64853961ebcee0b52cf3b374d
                                                                    • Instruction ID: de6b11a47e00dfda2ba87a2727b770f70d81755a11e47944df4ba5ce66a90424
                                                                    • Opcode Fuzzy Hash: df27a80679d5f5fc89bb6b1d73fe7ed9e190afe64853961ebcee0b52cf3b374d
                                                                    • Instruction Fuzzy Hash: C0E10A31E10619CFCB24DF68C994AEDB7B2BF49300F1086A9D859BB251EB30AD85DF45
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 366040afc544a5505563abb8511fd61feb296a39c6c21e4c087d68a6166fd0d8
                                                                    • Instruction ID: 2c46056fbbecd2506146cd58e907da68af5c8024c9c80a71f68f350d503a0ae1
                                                                    • Opcode Fuzzy Hash: 366040afc544a5505563abb8511fd61feb296a39c6c21e4c087d68a6166fd0d8
                                                                    • Instruction Fuzzy Hash: B4E1D971D1061A8FCF10DFA8C8546EDB7B5FF89300F1186A9E559B7214EB70AA89CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 05bc17738b7fc6821d56e69461d986479fa8b4064d1eef8b3e31145c903526e2
                                                                    • Instruction ID: 6a622ca25e1d3baebb9c14e037907be891894dc04e9fc89112df43f05aec6ded
                                                                    • Opcode Fuzzy Hash: 05bc17738b7fc6821d56e69461d986479fa8b4064d1eef8b3e31145c903526e2
                                                                    • Instruction Fuzzy Hash: E2C18D34A00219CFCB05DFE8D894AADBBB6FF89300F148569DC05AB368DB74AD45DB94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fec14e48ec20a59c3207a876d613d82c82c362098c34796dd68818219acb2b68

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b1a1fbead995b3645a35adaac30462e986134d6c3b69e27a182b96f567f65ad0
                                                                    • Instruction ID: 04766e0110b3e1f26e23a08ce4be92be67edf54ed314ad9390f955d65f757ecd
                                                                    • Opcode Fuzzy Hash: b1a1fbead995b3645a35adaac30462e986134d6c3b69e27a182b96f567f65ad0
                                                                    • Instruction Fuzzy Hash: 44413134A10709CFCB04EF78C9549DDBBB6FF85304F018569E5159B325EB71A946CB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9a56d3bb52ab514df3ea55007a159e8c26f748e6a871500e1d3690d99f8377e5
                                                                    • Instruction ID: 6ff506b84f853bdde7183c42ffd91dba239bc0bc9f4c3e9a8af145b96b18e3d8
                                                                    • Opcode Fuzzy Hash: 9a56d3bb52ab514df3ea55007a159e8c26f748e6a871500e1d3690d99f8377e5
                                                                    • Instruction Fuzzy Hash: 42414A71E2110A8BDB18DFA9D554AEEBBF2BF88750F148469E511BB395CB309C05CFA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f7c957cf492f3e0521e10f9dc5bfadff5b4771aaffbf0f114fcef24f833f9984
                                                                    • Instruction ID: b914158867b995affe840a98c8063f65ec1d9eb0f226ec6b8c044f0251986a41
                                                                    • Opcode Fuzzy Hash: f7c957cf492f3e0521e10f9dc5bfadff5b4771aaffbf0f114fcef24f833f9984
                                                                    • Instruction Fuzzy Hash: CE4115B1D01308DBDB24CFA9C584ADDFBB6BF48704F64802AD808BB214D7756A4ACF95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3b5b60f1e9fcc2afdd1d80258606595aa14c262e0f759249903204f88b174322
                                                                    • Instruction ID: 362ba1c30a5b9da2f5728039a03f39df9efd63f2f5054dc44de5e93cfc5f5ca8
                                                                    • Opcode Fuzzy Hash: 3b5b60f1e9fcc2afdd1d80258606595aa14c262e0f759249903204f88b174322
                                                                    • Instruction Fuzzy Hash: CE41FA75A0020A9FCB44DF68D48499EFBB5FF49310B14C695E918EB311E730E985CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e71dbde7745864f29970f52b62a7bd54351c61a4633e0114c0315826e2af4bce
                                                                    • Instruction ID: a3711d2f28201eb40d1719cdee91c8b1f785b5acb332c06ecfbfce83a0ad9314
                                                                    • Opcode Fuzzy Hash: e71dbde7745864f29970f52b62a7bd54351c61a4633e0114c0315826e2af4bce
                                                                    • Instruction Fuzzy Hash: F8412E34A10709CFCB04EF68C8949DDFBB6FF89304F108569E515AB325EB71A986CB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 62102f65c726b2988c88449c4114bcdb2dbe343eb7ed8699fc83817b38f53f3a
                                                                    • Instruction ID: e91a0ec93dff63da1be5a6afc34734be345c48faa0dfd09c616d63c82c991724
                                                                    • Opcode Fuzzy Hash: 62102f65c726b2988c88449c4114bcdb2dbe343eb7ed8699fc83817b38f53f3a
                                                                    • Instruction Fuzzy Hash: B2413674A052068FC714CF6CC584AA9FBF1FF49310B1986AAE84ADB352D730EC85DB94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1face70afec9de1b110d9e0b5b36d534bed01a7fac62a51d0de354ad8baca435
                                                                    • Instruction ID: 02076d9e7b27ea2b45f936b1e7cebee713275275c7bbfe7b690de0fb5c227ba3
                                                                    • Opcode Fuzzy Hash: 1face70afec9de1b110d9e0b5b36d534bed01a7fac62a51d0de354ad8baca435
                                                                    • Instruction Fuzzy Hash: 6B412B31A20609DFCB04EFA8D9459DDBBB1FF49341F11C629E945B7250EB30AA98CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 70e7fb8cfb194e99fb359b7304d1b015289c1644ed675327bf579aa654e42e24
                                                                    • Instruction ID: 68346c75f76617d7e99d97994d349d45c2e6c8677b64d8cc1feaa829f6d3d881
                                                                    • Opcode Fuzzy Hash: 70e7fb8cfb194e99fb359b7304d1b015289c1644ed675327bf579aa654e42e24
                                                                    • Instruction Fuzzy Hash: 8C41E2B1D01309CBDB24DFAAC584ADDFBB6BF48304F64802AD809BB204D7756A46CF95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6a48ddc91480ae24e8b63854cddde4228dedf5342d17583d9c2d66b27fd7442f
                                                                    • Instruction ID: c66d297055d5add716ec86f19b2c6d72de199542ff780f3e8f4181f6c70f6cb1
                                                                    • Opcode Fuzzy Hash: 6a48ddc91480ae24e8b63854cddde4228dedf5342d17583d9c2d66b27fd7442f
                                                                    • Instruction Fuzzy Hash: A131C3307102018FDB04EF79D898669B7A2FFC5304F408A79E40AAB35ADE75E885C751
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 720859cbbe5a27625e955d800896806a73f17514eae892dff60ae9eb3c32a1f0
                                                                    • Instruction ID: 49541310d1d9f80cb471f1f7b96fbda8469f0a5e6dd92e31c8b42a2023171cfe
                                                                    • Opcode Fuzzy Hash: 720859cbbe5a27625e955d800896806a73f17514eae892dff60ae9eb3c32a1f0
                                                                    • Instruction Fuzzy Hash: 3E41BFB1D11358DBCB14CF9AC888A9EFBB5BF88710F20812AE418AB250D7746945CF94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 41d845b4f89f4ab144f3201f2f87f0c60efde2bc0b1ff5c1f3ceecb7e18c73ab
                                                                    • Instruction ID: 4e2fd10778980e2d228235901a56f7233d464fd8b340e6893044b2f0c6d05701
                                                                    • Opcode Fuzzy Hash: 41d845b4f89f4ab144f3201f2f87f0c60efde2bc0b1ff5c1f3ceecb7e18c73ab
                                                                    • Instruction Fuzzy Hash: 0531E3357102018FDB04EF78D898759B7A2FFC5304F448A79E40AAB35AEE75D885C710
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 991ec2e2dc96b1608ebd936961a1581ce13a2c3a21f8e1f271a14cefdc8a0e7c
                                                                    • Instruction ID: 5d4c2b21eba2a05fcbac9497fc09d7a59a3d0cd2d8ecf5e8bfdd6bf8234f8718
                                                                    • Opcode Fuzzy Hash: 991ec2e2dc96b1608ebd936961a1581ce13a2c3a21f8e1f271a14cefdc8a0e7c
                                                                    • Instruction Fuzzy Hash: AB31A475A043018BDB10DF79D898755BBB2FFC8310F058679EC49AB245EB319889CB61
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9e2dd7453a18635b6c76a9ff41761164971605c11f996d27a7decf4514610b28
                                                                    • Instruction ID: dceca6d123fd3dc308425605376eb03b5bd8bedb2deb91209eee1c6558e42919
                                                                    • Opcode Fuzzy Hash: 9e2dd7453a18635b6c76a9ff41761164971605c11f996d27a7decf4514610b28
                                                                    • Instruction Fuzzy Hash: E3318F35B00219DFCF04EFA8D8548DDF7B6FF88210B048569E906AB350EB71AD46CB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a4b3ed42928a881c8a102b0b81c4fef233307b022e956ae9a9127fb2fab89565
                                                                    • Instruction ID: cd0793a968dc29d19f2ce89c8b6231b1597f702bcea0c6fb670697667a4d9dcd
                                                                    • Opcode Fuzzy Hash: a4b3ed42928a881c8a102b0b81c4fef233307b022e956ae9a9127fb2fab89565
                                                                    • Instruction Fuzzy Hash: 0341E775A0020ADFCB44DFA9D88499EFBB5FF89310B14C659E918AB315E730E985CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 249d6aeef874ef272084f9ca09301ffcc70fde03992fb41b4054ecce0f3cd907
                                                                    • Instruction ID: 1bf35b695233105b6b8b8c1e824e5ba3bb010fff5e58de16a5979fe199340daf
                                                                    • Opcode Fuzzy Hash: 249d6aeef874ef272084f9ca09301ffcc70fde03992fb41b4054ecce0f3cd907
                                                                    • Instruction Fuzzy Hash: 18312BB1D003089FDB14DFAAD444A9EFBF9EB48320F10C46AD819E7601D774A945CBA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c1769a39865625bea565a95390e70ede4b4825f80ee847691b8e4070d643dc48
                                                                    • Instruction ID: f94f9776f6823815ac898559b550f66ad608b6576c3abc22cd14edbac865cc65
                                                                    • Opcode Fuzzy Hash: c1769a39865625bea565a95390e70ede4b4825f80ee847691b8e4070d643dc48
                                                                    • Instruction Fuzzy Hash: F3318075A142018BDB10DF6DD898B55B7B2FFC8320F08C679EC096B249EF31A885CB60
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f479eba4119879a14abdbef1f8679badff50a2ecbc52f47fefef3416c8f4defe
                                                                    • Instruction ID: f034eb2d41c35906461f01febdf810c705aed67f2a726b3e3ba1fbbf07187f27
                                                                    • Opcode Fuzzy Hash: f479eba4119879a14abdbef1f8679badff50a2ecbc52f47fefef3416c8f4defe
                                                                    • Instruction Fuzzy Hash: 73218F323141018FC7289F2CC884A697BE5FF85311B1984B6E90ACF3A6DE35DC049B94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    • Opcode ID: 1da226253c88fe7d2639ecf3e6bed5997614d1080a65b2ed350ae40af2a93b43
                                                                    • Instruction ID: 71eedfb7f27ccd8dcd7ba311b35ff8aefb94feb8bf6c83536cb802eabf1f0eb8
                                                                    • Opcode Fuzzy Hash: 1da226253c88fe7d2639ecf3e6bed5997614d1080a65b2ed350ae40af2a93b43
                                                                    • Instruction Fuzzy Hash: 5811C2703002069FD72ADA65C994B3BB3A6FBC4754F54C83AE4498F284CBB5EC068790
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d1da3382d322dbbf7e4f3d18122d91af16eb2d3c316db029b7636f52d40b57fb
                                                                    • Instruction ID: 0b247de11340053f46f3aaf03a675d62237bd0ca4b7e4e3407fa5f59a16728ea
                                                                    • Opcode Fuzzy Hash: d1da3382d322dbbf7e4f3d18122d91af16eb2d3c316db029b7636f52d40b57fb
                                                                    • Instruction Fuzzy Hash: C511E9727051814FC706D72CC859E95BBE5AF8616470A80E7E245CF2F3CA21DC0A8796
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 51279721b25c9733295fa5613c620ba4429529a790cf96804e7f31d2b666f50c
                                                                    • Instruction ID: 60bce623e95ba8cbdb47df31de281294907ca4c81764c825c88ccd5f1e976db4
                                                                    • Opcode Fuzzy Hash: 51279721b25c9733295fa5613c620ba4429529a790cf96804e7f31d2b666f50c
                                                                    • Instruction Fuzzy Hash: EB21CC71E0021A9F8B04DFADC8849AFFBF9FF98310B10C55AE518E7215E771A956CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b851d059e1a427d8db4791dc99260cae18b00cd26cfdcd4e5fbab6de453fab65
                                                                    • Instruction ID: 2cc46c9abdef089554e57a2caf5512fc1a3e16bbda692ba9e44c1d77c928dd1e
                                                                    • Opcode Fuzzy Hash: b851d059e1a427d8db4791dc99260cae18b00cd26cfdcd4e5fbab6de453fab65
                                                                    • Instruction Fuzzy Hash: BA11A0B5715104CFC305CFA8C646A687FB8EB0A715F9486D8E908EB362C632ED12CB40
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c87dab85449988be4bc4733077f5dabf2221a64329983112c4097bba91ee30f5
                                                                    • Instruction ID: 696dc072c2bd4c73b524da010617f5755aeb82b38552aac28112b6be69cd326d
                                                                    • Opcode Fuzzy Hash: c87dab85449988be4bc4733077f5dabf2221a64329983112c4097bba91ee30f5
                                                                    • Instruction Fuzzy Hash: 38118E323182014FD728CA2CC885B693BD6FF89710F1980B6E90ACF3A6D969CC019795
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2222533843.000000000150D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0150D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_150d000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                    • Instruction ID: d50632490b8c6b943fa7fbd6f63387f2b179624aeefd74eb2309dca19e06a2c8
                                                                    • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                    • Instruction Fuzzy Hash: FF11CD72404240CFDB02CF84D5C4B5ABF71FB84224F24C6A9D9090A256C33AE45ACBA2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b8f7feb40ff4cf2e9f7f7ebed438b96124a081bf6a9ffc954623d2eacdd0325d
                                                                    • Instruction ID: d14ffc934beaca1bb5760f96cbf6795ca8c6f1dedb1f5614eb0a8e3b75ad08dc
                                                                    • Opcode Fuzzy Hash: b8f7feb40ff4cf2e9f7f7ebed438b96124a081bf6a9ffc954623d2eacdd0325d
                                                                    • Instruction Fuzzy Hash: D9114C35A00705CFC7A4EB78C844AEAB3B6EF85315F10886DD45A1B274DF71A8CACB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: eeacb39ef31f3e4424111760aa56721a43645a0f8439feecefc7c4fa1e6914ef
                                                                    • Instruction ID: b3997e556486881ff00eef0de6bf3fc0807ed1b605391ae8f496c18dd3747d57
                                                                    • Opcode Fuzzy Hash: eeacb39ef31f3e4424111760aa56721a43645a0f8439feecefc7c4fa1e6914ef
                                                                    • Instruction Fuzzy Hash: 78110472A0A3849FCB028BA4DC44BDABFB5EF46200F0A00A7D500EF1A2D2356D09C791
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2d2b96729572063b3e452732aa694d1e84300ed6e038ea38344257feed6c7ac9
                                                                    • Instruction ID: 3681b9c77a13d4be4ae78b5311f65816e24d885258baf848e126a2ac9e0890e5
                                                                    • Opcode Fuzzy Hash: 2d2b96729572063b3e452732aa694d1e84300ed6e038ea38344257feed6c7ac9
                                                                    • Instruction Fuzzy Hash: 4411A330A01209DFDB14EFA9D0187DEBBF2EF84314F508469DA06AB280DF759D05CB96
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7b9e101559087b5f542c0e42debec520cbb670d1ca0810279b26b43326e7eb3b
                                                                    • Instruction ID: da2f54474ceb15d1edb7537abfe56611e51e08fe32bba67e7ea1fa69e0700dcf
                                                                    • Opcode Fuzzy Hash: 7b9e101559087b5f542c0e42debec520cbb670d1ca0810279b26b43326e7eb3b
                                                                    • Instruction Fuzzy Hash: B0115EF8D182098FCB04DFE4D6452AEBFB5FF49300F608565D525AB395CB344A018B91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2222591605.000000000151D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0151D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_151d000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                    • Instruction ID: 38a5ad38b9443de53a3a032421fb7fdf7a5c30c5661afd96db8e4155a3f36de8
                                                                    • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                    • Instruction Fuzzy Hash: F711BB75504280DFEB02CF58C5C8B19BFB1FB84224F24C6A9D8594F69AC33AD40ACB62
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3ccbcaa02d8047f442ebcc9aa487b01b401bc093de364714cfc5e24d019263ca
                                                                    • Instruction ID: b25d7c21661f6f1d08d3ac09674ae0a0028ba0bfb978a49ab4a2e46ec6430635
                                                                    • Opcode Fuzzy Hash: 3ccbcaa02d8047f442ebcc9aa487b01b401bc093de364714cfc5e24d019263ca
                                                                    • Instruction Fuzzy Hash: 0111C275A04105DFDB00DF68D959AAFBBA2FF89300F044069E402BF395DE758C05D7A5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0e38d50f0f8a10de13fd43152f780809e6e4118178f3a2f3d9b83b0ad22b3248
                                                                    • Instruction ID: 44192e532c597e9a23404d1810112d677ffce91008c5d95cc7986e4d8316ebf6
                                                                    • Opcode Fuzzy Hash: 0e38d50f0f8a10de13fd43152f780809e6e4118178f3a2f3d9b83b0ad22b3248
                                                                    • Instruction Fuzzy Hash: EA1123B1C042089FCB14DF9AD448ADEFBF9EB89320F10842AD819B3310D378A544CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1b668f97e1ada98875c4511b8d923e713e4814b76515ffadeff70ce3597628c1
                                                                    • Instruction ID: f9848e31c9c692ba959c9b7b5a88e1081950fe31f6f961a0844a08182580208b
                                                                    • Opcode Fuzzy Hash: 1b668f97e1ada98875c4511b8d923e713e4814b76515ffadeff70ce3597628c1
                                                                    • Instruction Fuzzy Hash: C00145F17042428FCB15A676D810A2D77BAEFC22A0B0588BAC8058B274EF71FC028391
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a4a7a38321aab569943b330e78e4ec05f7520a7aac8b151b64801f9cfc407db6
                                                                    • Instruction ID: 81f168baea447a39ad42eb15d71ee96585b0aad45abc469897ab81e6dbaa75c8
                                                                    • Opcode Fuzzy Hash: a4a7a38321aab569943b330e78e4ec05f7520a7aac8b151b64801f9cfc407db6
                                                                    • Instruction Fuzzy Hash: 4401F262B083545FDB08DFBD98096AF3FF79F81160B28C0BAD806D76A2ED30C8059354
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 83fa736b57bdd476e19f78c0032bac1f58095c503070b01f3503c7615028a600
                                                                    • Instruction ID: 414555302ad843ad1e1b534cce877e382affb409fd3ca97f0ec178cc5492d593
                                                                    • Opcode Fuzzy Hash: 83fa736b57bdd476e19f78c0032bac1f58095c503070b01f3503c7615028a600
                                                                    • Instruction Fuzzy Hash: 15018C757002108FC718DB69D988A6ABBEAFFC8215B18856DE80ACB370CF70EC05DB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4e92f55684ce002b8a5d896d456e7749f22557f92db997710b4f6ca51ef5e6c6
                                                                    • Instruction ID: 7b1ee7023b2531dff433b57b8838f3d9b04b3063725cff356ab865b307685659
                                                                    • Opcode Fuzzy Hash: 4e92f55684ce002b8a5d896d456e7749f22557f92db997710b4f6ca51ef5e6c6
                                                                    • Instruction Fuzzy Hash: B11104B5C046089FCB10DF9AD448B9EFBF8EB88320F10842AD859A7310D378A945CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c97136f7c2a60ac7dc38383a8f45938edc6ca1790d770e40db9045f77b923c28
                                                                    • Instruction ID: dee4eff518a7cadff471de9ef46900a115ac7855dfe17775edf6d88449d8f5e5
                                                                    • Opcode Fuzzy Hash: c97136f7c2a60ac7dc38383a8f45938edc6ca1790d770e40db9045f77b923c28
                                                                    • Instruction Fuzzy Hash: 7C1107B5C046089FCB10DF9AD444B9EFBF9EF88320F10842AD859A7310D778A545CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ff1a714c0d6ba01fcbb02d318cbaff404f7d709e020190cb2b23cb8c03749c76
                                                                    • Instruction ID: be2fef13d601fc076d2513e1fc3ac43b4591be40d2730adf63a744d53ee7d14e
                                                                    • Opcode Fuzzy Hash: ff1a714c0d6ba01fcbb02d318cbaff404f7d709e020190cb2b23cb8c03749c76
                                                                    • Instruction Fuzzy Hash: 441106B8E182099FCB44EFA9D6452AEBBF9FB49300F108469D519A7345DB309A008B91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2222533843.000000000150D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0150D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_150d000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 46f33b51b1b2007b3d783f76a13ac08444aefba1d94b831d94dcba8b892f5987
                                                                    • Instruction ID: dc8ecc981c5670a1159c5965b80c7163cdc0cd264ad971b7d671377bcbccb849
                                                                    • Opcode Fuzzy Hash: 46f33b51b1b2007b3d783f76a13ac08444aefba1d94b831d94dcba8b892f5987
                                                                    • Instruction Fuzzy Hash: 19012632B00704CFCB02BB78C4195ADB775AFC6210F06459EC9856B251EF30A842D7D6
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fbfa293a9a141b5f585c35ca4abeb334d7c4110bc9eb520e4ae0f2bf22832866
                                                                    • Instruction ID: 6fbd3014e721a4163ab54d3b0d6d49c3db7c70074fca0dc24c396a10eb320687
                                                                    • Opcode Fuzzy Hash: fbfa293a9a141b5f585c35ca4abeb334d7c4110bc9eb520e4ae0f2bf22832866
                                                                    • Instruction Fuzzy Hash: 7901F4312047009FC7365B1AD49899EBBBAFFCA222B45009AE44697361DF34EC4AC794
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a3fddbd362aa7e05a2b4dd4ce402c88770ff0a97bd8b3ef29913fe054a01ba1a
                                                                    • Instruction ID: 5eead1a9e229f99897c1dace1796199acceb63a79bf884256d6d45fcfe61921b
                                                                    • Opcode Fuzzy Hash: a3fddbd362aa7e05a2b4dd4ce402c88770ff0a97bd8b3ef29913fe054a01ba1a
                                                                    • Instruction Fuzzy Hash: 0511B074A002588FCB55DFA4C95079DBBB6BF88300F10889A990ABB394CA345E81CF60
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 68570e2e712e88ca14168cfa946e43914bf5dbc669f688c33389cec000e51626
                                                                    • Instruction ID: b9bd308e0acd06ab639ac88f08a87a61ba71aebda8aee4de304837b38a75eeac
                                                                    • Opcode Fuzzy Hash: 68570e2e712e88ca14168cfa946e43914bf5dbc669f688c33389cec000e51626
                                                                    • Instruction Fuzzy Hash: 61F0623A3546108FC728DF3DC44986A73ABFBCAA2072941A9E812C7375CB35DC419784
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: eda72384d3ef2284c6aac7ab9304aa9c922622da7f1413265f9b38d40591ff46
                                                                    • Instruction ID: 44f6007d97ac11acb9bb8b8ff6a181c79c1460ee1f61261920bf51d6cba3b30f
                                                                    • Opcode Fuzzy Hash: eda72384d3ef2284c6aac7ab9304aa9c922622da7f1413265f9b38d40591ff46
                                                                    • Instruction Fuzzy Hash: 89F0B4313446118BC728AA2E8458E3E36DAAF81B01708442AEC07C7650DE64CC06EA9E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 297e2f16570af967bb0be465271b31ccf67e2600f28ff3819ead5e9bb6b098a2
                                                                    • Instruction ID: be3cb267d77d121e1e3e685ea1a2471aa393de613011ffd5789e9c2b2ddfd71d
                                                                    • Opcode Fuzzy Hash: 297e2f16570af967bb0be465271b31ccf67e2600f28ff3819ead5e9bb6b098a2
                                                                    • Instruction Fuzzy Hash: 71F09671B011259B8F15A7ACD8599BEBBBB9BC8750F100039DB45A7340CE300A11D7E9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 115880bd0835c4c0bae7608e7e87f653f5f2dbfa69cc0eba39de38632e24146d
                                                                    • Instruction ID: 4df8f850f48c93a083c63b19642a99ab0307b8109660ad48d6afeb04102373ca
                                                                    • Opcode Fuzzy Hash: 115880bd0835c4c0bae7608e7e87f653f5f2dbfa69cc0eba39de38632e24146d
                                                                    • Instruction Fuzzy Hash: 93018131A106298BCF15BA68D8184DDB375FF89310F01C929E91577280EF746A19CBE1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 448cd2f504308a73fbe15a59e29a011a23b88e61e072e17269f4867c69f91836
                                                                    • Instruction ID: 6018afecb7641feff946eb4ecfc0afe15124eec6b4881c3e8f600ae7e9da5b11
                                                                    • Opcode Fuzzy Hash: 448cd2f504308a73fbe15a59e29a011a23b88e61e072e17269f4867c69f91836
                                                                    • Instruction Fuzzy Hash: 47F04C7691031487CF01BB78C8180DC7771BF8A210F02CA66D925B7290FF705D09D791
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c70f3fb360f2e34cf7a52c18671b07b72265f62a99b4c8238b8e928b365025bf
                                                                    • Instruction ID: a0112981f8dcfb0646f3ab7e15ec367b4d99469c5a3d1a92534942d9b3874c00
                                                                    • Opcode Fuzzy Hash: c70f3fb360f2e34cf7a52c18671b07b72265f62a99b4c8238b8e928b365025bf
                                                                    • Instruction Fuzzy Hash: ABF02E713351128BE7101569E80977931AEE7C13A7F044437A005C7185CEF8CC87D395
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 11850c9ad3a14ac06d9c858924bae3f6ad228ad97e731f10cc0ea587a909b4fc
                                                                    • Instruction ID: 6873793ccd7a3c87442816b5317e93a58a97fef0228a1f32d8e332d57ff85426
                                                                    • Opcode Fuzzy Hash: 11850c9ad3a14ac06d9c858924bae3f6ad228ad97e731f10cc0ea587a909b4fc
                                                                    • Instruction Fuzzy Hash: 43F0C2703107114BEB14AB79C01875BBADAAB84B04F00495DE1468F7D6CFF6A8428380
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c7809919d0d260636c98a2a52bcdec913fa0ac46efc204b1c0ca7215c4a410f4
                                                                    • Instruction ID: a900e5dc033a18db6aba919cdbbb71e76da466e21d4bb63acf41b104af0a5491
                                                                    • Opcode Fuzzy Hash: c7809919d0d260636c98a2a52bcdec913fa0ac46efc204b1c0ca7215c4a410f4
                                                                    • Instruction Fuzzy Hash: 38011631E00209DFCB40EFA8C54589DBBF0FF49200B11819BE858EB321E770AA44CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4a13b3814a1be12054ead93cb15b2672ef5a7679914e939c095e3f6213a6fa5c
                                                                    • Instruction ID: 0dfa6e6394a1bb4d3025dc3f198ea8911e55598b370f2fb499776961ce5651c2
                                                                    • Opcode Fuzzy Hash: 4a13b3814a1be12054ead93cb15b2672ef5a7679914e939c095e3f6213a6fa5c
                                                                    • Instruction Fuzzy Hash: F6F09A3A3009108BCB1B6A6D9409A7D63A6ABC6611F18807ADC06CB3A0DE74CD02E399
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cf6ecc5f82ba06b8a6e3038b32bcb51c26bb1e75439e3be36ced4b1b8ecd0010
                                                                    • Instruction ID: 37927ae32b3e48646a99ac91c57e58b070dbc17084be9af09bc5b2836d265712
                                                                    • Opcode Fuzzy Hash: cf6ecc5f82ba06b8a6e3038b32bcb51c26bb1e75439e3be36ced4b1b8ecd0010
                                                                    • Instruction Fuzzy Hash: B9F0C232B107048BCB117B78C4194AEB775EFC5250F04466EDD4517200EF30A942A6DA
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b2b1ec0418ee80d275fd98df2ffa8d65b4fb2206fb2334ecd5f8c7b5600777b9
                                                                    • Instruction ID: f6b5e1412cfa6808e08113d1360809be94bbe348f460379ef8b47a6bdf864a4b
                                                                    • Opcode Fuzzy Hash: b2b1ec0418ee80d275fd98df2ffa8d65b4fb2206fb2334ecd5f8c7b5600777b9
                                                                    • Instruction Fuzzy Hash: 9BF04FB4E18208DFCB50EFE9D5556BDBBB9FB49340F4095AAD919A3341D7306A00CF80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2222533843.000000000150D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0150D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_150d000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d7f36cb82e9dc6842a75c45d13c35407dc4239791ab22568f447a9ceed217e24
                                                                    • Instruction ID: 36d1d6e0a90d89812609e3becd107409abd6ec4810a0638aefdf695382aa16ad
                                                                    • Opcode Fuzzy Hash: d7f36cb82e9dc6842a75c45d13c35407dc4239791ab22568f447a9ceed217e24
                                                                    • Instruction Fuzzy Hash: 87F0C8710053449AE7118E59CC84B66FFE8EF81234F18C45AED084E286C2795840CA70
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 43d992b6a6a54c64b43760e306ec25c15d532f48d1159bd833b65addeff2d8c5
                                                                    • Instruction ID: f65435a58906fd36f3ad56e9b4226838940ba2f48d5a632ba0ed57212800aeb0
                                                                    • Opcode Fuzzy Hash: 43d992b6a6a54c64b43760e306ec25c15d532f48d1159bd833b65addeff2d8c5
                                                                    • Instruction Fuzzy Hash: 23F05E313009104B8B1A6A6D941896E729AAFC6950B144069ED06CB3A0DE64CC06E79A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 82d2dae38fefd327fc69fcd0fd367cef1a609532b2d07efb7bba7837c4588415
                                                                    • Instruction ID: 0a8192b9c7c601ee108b13a1bb3aad4a5da8fd403af45db3472a5e9c20b5aca8
                                                                    • Opcode Fuzzy Hash: 82d2dae38fefd327fc69fcd0fd367cef1a609532b2d07efb7bba7837c4588415
                                                                    • Instruction Fuzzy Hash: B5F024B27082418FCB42C6A8A5003E9BFF9EB89120F0980ABD008CB381DA38CD46C710
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0ad640fd3146ccc86c812b6ad27221daa1a7a38d369a54fc0f820f0ac1406a80
                                                                    • Instruction ID: 06bcf5e5ed0e3611c7c8c1d6c57ac9182166f99e84cf73b4321f31c22fd83146
                                                                    • Opcode Fuzzy Hash: 0ad640fd3146ccc86c812b6ad27221daa1a7a38d369a54fc0f820f0ac1406a80
                                                                    • Instruction Fuzzy Hash: 80F06D7191410A8FDB50DFB8C8417BDBBF0FB04300F0489B9E418D3651EA38DA059B81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • Instruction ID: e0b816b3dc4bcd3cbdfc044ff0100563d24e5f9c8fb346b484dfa74f9800ab93
                                                                    • Opcode Fuzzy Hash: 25dafc01baa092854a422f0ee83b7387edc847d24414f34aae2d54b4d5412874
                                                                    • Instruction Fuzzy Hash: 0AE0C2B4E05208AFCB54DFA9D5456ACBBF4EB49304F14C5A9D818E3341D632AA12CF80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1fbb76b88526b94d9dfc02f4293f58d8fce71a7f6d6711a00e11c5b20ee87bfb
                                                                    • Instruction ID: 550d26da84f9da99b3a144b99e15e2a69de5c780adc4d6fdf062cc7860d34d70
                                                                    • Opcode Fuzzy Hash: 1fbb76b88526b94d9dfc02f4293f58d8fce71a7f6d6711a00e11c5b20ee87bfb
                                                                    • Instruction Fuzzy Hash: 8CE092B1849345DFCB42CBB0CA456DD7FF4EF0A201F5049A7904597221EA754954DB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1b3693d934e4a9f7a382897f2895eee79a6c22e768415cc85ac9425bdb95df40
                                                                    • Instruction ID: cab252816e40adcdf608963c39d4d27d21e12bf32e5614e844f81fe1bc893ddb
                                                                    • Opcode Fuzzy Hash: 1b3693d934e4a9f7a382897f2895eee79a6c22e768415cc85ac9425bdb95df40
                                                                    • Instruction Fuzzy Hash: C7E08630B341548BDB186635D4493BA7A6ADB81756F08CC29B50E82254CEF48C049380
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0f310514e2d9086ce516ed55a19f664cf81559527aca00aaa02dd601982819b6
                                                                    • Instruction ID: 7fb9838e5a45235d0e42ae7872964f934667a8ef68fc072494eb2ff37b2b70ee
                                                                    • Opcode Fuzzy Hash: 0f310514e2d9086ce516ed55a19f664cf81559527aca00aaa02dd601982819b6
                                                                    • Instruction Fuzzy Hash: E4E01AB4E14208EFCB94DFE8D5456ACFBF4FB49304F10C5A9981893341DA31AA01DF80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0f310514e2d9086ce516ed55a19f664cf81559527aca00aaa02dd601982819b6
                                                                    • Instruction ID: 7c6a667d7986136e9247ae0c91677b317140583d06f2636c738a01d8a994a894
                                                                    • Opcode Fuzzy Hash: 0f310514e2d9086ce516ed55a19f664cf81559527aca00aaa02dd601982819b6
                                                                    • Instruction Fuzzy Hash: CBE0C2B4E05208AFCB54DFA9D5456ACBBF4EB49304F10C5A9D81893341D631AA02CF80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b68427363f431959a21888a00cf55ad17cf43e00ebcf6e316a8440163dc34bfc
                                                                    • Instruction ID: c2efac5e7f0ec870bd1c724f08b3bfffdfbe9bc1ccd749f5820a774019ef0d66
                                                                    • Opcode Fuzzy Hash: b68427363f431959a21888a00cf55ad17cf43e00ebcf6e316a8440163dc34bfc
                                                                    • Instruction Fuzzy Hash: 18D05BB371D2D1175617216928154ADEF7AC9C70D031940A7D648CF1629C805C0753E7
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 534035d94c8e35d608279868c7433f12f2f100684470348545e0303a85968a7f
                                                                    • Instruction ID: f91a87dba0555fa7ae29092d73de06f42a9c8dade3b24ebb0bfff7e7eb52fd65
                                                                    • Opcode Fuzzy Hash: 534035d94c8e35d608279868c7433f12f2f100684470348545e0303a85968a7f
                                                                    • Instruction Fuzzy Hash: 8CE09274911109EFCB00DFF0E901A5E7BF9EB85310F20C46AE50897340DA366E00E750
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 555c7c3613f84d8dfb592588ecf6cc40ed997ba6b03e6597363132ffe8d4ba1f
                                                                    • Instruction ID: 474592faf671e9c922c1c1586df4c25c10b0fcd3134dd911511a567a9103c637
                                                                    • Opcode Fuzzy Hash: 555c7c3613f84d8dfb592588ecf6cc40ed997ba6b03e6597363132ffe8d4ba1f
                                                                    • Instruction Fuzzy Hash: E4F03935A1110CCFDF10EFB8D1485DCB7B2FB49225F6040AAD905BA220CF325E40DB28
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c51d54426dde249ba5c3be998bc9702f41c56a79be3389db0176dadf3c9d7bbd
                                                                    • Instruction ID: 01ce80ed4672641e2d42413ec26bb174280850345ea1a23a0b205733cbc2a212
                                                                    • Opcode Fuzzy Hash: c51d54426dde249ba5c3be998bc9702f41c56a79be3389db0176dadf3c9d7bbd
                                                                    • Instruction Fuzzy Hash: 67E0CD71B241548BD7245A74E5453EA3F75DB42255F0C882AF40EC7291DEF0CC055380
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9e8b30817a6c5263fa97084ff4176f219e1606bfe06920dd1c27f96b713b002e
                                                                    • Instruction ID: 8b5d0ad3cad700a13d66278bc0b76e567fd2d1a3701a5be95768e343885b4998
                                                                    • Opcode Fuzzy Hash: 9e8b30817a6c5263fa97084ff4176f219e1606bfe06920dd1c27f96b713b002e
                                                                    • Instruction Fuzzy Hash: 25D05E323501288FC3109BB9FA48E927BECEF48A75F4141B6F20DCB221DA62DC008790
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5f96f9855b30be5d7afa280269a86f25abb7f3d447497f3544441173ad139410
                                                                    • Instruction ID: d2bfc863f63d5a35d984038cec568f5acd83b86286c29419ec86080c9087cffd
                                                                    • Opcode Fuzzy Hash: 5f96f9855b30be5d7afa280269a86f25abb7f3d447497f3544441173ad139410
                                                                    • Instruction Fuzzy Hash: E9E0C2B0415208DFCB01DFF4C9046DD7BFCEB0E301F4089A5A10597210EE715A10DBD1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7a2a0bc5554322754fc14fc715ec73d81f12ad91390038948a5dba0ce472d3fd
                                                                    • Instruction ID: 76f21e2394221d55dcdfa4bd457611bd04af6ec012a6c4b9387556130a14c9a8
                                                                    • Opcode Fuzzy Hash: 7a2a0bc5554322754fc14fc715ec73d81f12ad91390038948a5dba0ce472d3fd
                                                                    • Instruction Fuzzy Hash: EAE08C362011118FC712DA5CC489BD833B9EB8A394F1946B2F549EF325C2B6ACC28B81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0a9a7db5f703ad5f513ff72af42c25a285a73269aa845269ab4d4a43d98a7d3a
                                                                    • Instruction ID: 03dfae86258993d056eb28e55656373b206514faa479c9b9b93d0703958c76ad
                                                                    • Opcode Fuzzy Hash: 0a9a7db5f703ad5f513ff72af42c25a285a73269aa845269ab4d4a43d98a7d3a
                                                                    • Instruction Fuzzy Hash: 41E0C23420B2868FDB298B74945A4717F369E5664474400E9EC0ACB512DB32880EB69D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232297761.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77f0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 79b23f714a8a8b4b92138358f7e5ad940f0d4b0189d38129b47c06660565f770
                                                                    • Instruction ID: 3bfe4b16cf709dce0c59ffad3f5393fc7ee2d5496effc1c53416063268f1a25d
                                                                    • Opcode Fuzzy Hash: 79b23f714a8a8b4b92138358f7e5ad940f0d4b0189d38129b47c06660565f770
                                                                    • Instruction Fuzzy Hash: 39E0C2B4A09208DBCB04DFF4D5416ACBBB8FB46304F50C298D80867341CA32AE02CF80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b9ff089746db26842fb6df087cdd36ec2984c2181500aacc28c69ace3e19b8c5
                                                                    • Instruction ID: c52df1feb6bb001fd1516173e2212bd7316845c50ce12dfeedde4afe85da1cc8
                                                                    • Opcode Fuzzy Hash: b9ff089746db26842fb6df087cdd36ec2984c2181500aacc28c69ace3e19b8c5
                                                                    • Instruction Fuzzy Hash: 96E04F74911109EFCB00DFE5E50185D7BF9EB85214B20816AD80897350DA366E00DB51
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2229504973.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_5710000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1e67fc3fc2d9992ec896c67502eb5d5488fea4d770450a41ce1648560b5a8c33
                                                                    • Instruction ID: b417943939c0a7784a876cbad49472db7ba7d95beb16c341336e7302caf7ce29
                                                                    • Opcode Fuzzy Hash: 1e67fc3fc2d9992ec896c67502eb5d5488fea4d770450a41ce1648560b5a8c33
                                                                    • Instruction Fuzzy Hash: F3D017303147149F872CDA1CE840C5AB7EEEF8921032486A9F00AC7660DA60EC098688
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9e51793c0ec2437517796c5c923f2b7e9739fd5b77be23933ab7886398df8ec8
                                                                    • Instruction ID: 99c8f37fe1a7b3e678eea96ada44426260b7cb80d544aa3e01adb49ba2ae0b96
                                                                    • Opcode Fuzzy Hash: 9e51793c0ec2437517796c5c923f2b7e9739fd5b77be23933ab7886398df8ec8
                                                                    • Instruction Fuzzy Hash: 4DE012B0626748CFC7288FA0E0418A87B76BF49385B201099E0139F224EB35AD82CA60
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.2232080881.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_77d0000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 98e281bf00c536fc1ed85ced41eb1b34542a6121c5a90a9ab0cf260713f6bbbe
                                                                    • Instruction ID: 30ce734270160576a81b58e5b16b7196af6e612dd066f78830d3609d888abab0
                                                                    • Opcode Fuzzy Hash: 98e281bf00c536fc1ed85ced41eb1b34542a6121c5a90a9ab0cf260713f6bbbe
                                                                    • Instruction Fuzzy Hash: 06D0976260A2D00FC30A4228F800ACC0F798EC30E070C41A3E004C322298100C0683A1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%


                                                                    Execution Graph

                                                                    Execution Coverage:8.7%
                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:20
                                                                    Total number of Limit Nodes:4
                                                                    execution_graph 41527 3158170 41528 31581b6 DeleteFileW 41527->41528 41530 31581ef 41528->41530 41531 3150848 41532 315084e 41531->41532 41533 315091b 41532->41533 41535 315138f 41532->41535 41536 3151393 41535->41536 41537 31514b4 41536->41537 41539 3158348 41536->41539 41537->41532 41540 3158352 41539->41540 41541 315836c 41540->41541 41544 6f0fa00 41540->41544 41548 6f0f9ef 41540->41548 41541->41536 41545 6f0fa15 41544->41545 41546 6f0fc26 41545->41546 41547 6f0fc4b GlobalMemoryStatusEx GlobalMemoryStatusEx 41545->41547 41546->41541 41547->41545 41549 6f0fa15 41548->41549 41550 6f0fc26 41549->41550 41551 6f0fc4b GlobalMemoryStatusEx GlobalMemoryStatusEx 41549->41551 41550->41541 41551->41549

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 125 6f03430-6f03451 126 6f03453-6f03456 125->126 127 6f03458-6f03477 126->127 128 6f0347c-6f0347f 126->128 127->128 129 6f03c20-6f03c22 128->129 130 6f03485-6f034a4 128->130 132 6f03c24 129->132 133 6f03c29-6f03c2c 129->133 138 6f034a6-6f034a9 130->138 139 6f034bd-6f034c7 130->139 132->133 133->126 134 6f03c32-6f03c3b 133->134 138->139 140 6f034ab-6f034bb 138->140 143 6f034cd-6f034dc 139->143 140->143 254 6f034de call 6f03c50 143->254 255 6f034de call 6f03c49 143->255 144 6f034e3-6f034e8 145 6f034f5-6f037d2 144->145 146 6f034ea-6f034f0 144->146 167 6f03c12-6f03c1f 145->167 168 6f037d8-6f03887 145->168 146->134 177 6f038b0 168->177 178 6f03889-6f038ae 168->178 180 6f038b9-6f038cc call 6f02368 177->180 178->180 183 6f038d2-6f038f4 call 6f02374 180->183 184 6f03bf9-6f03c05 180->184 183->184 188 6f038fa-6f03904 183->188 184->168 185 6f03c0b 184->185 185->167 188->184 189 6f0390a-6f03915 188->189 189->184 190 6f0391b-6f039f1 189->190 202 6f039f3-6f039f5 190->202 203 6f039ff-6f03a2f 190->203 202->203 207 6f03a31-6f03a33 203->207 208 6f03a3d-6f03a49 203->208 207->208 209 6f03aa9-6f03aad 208->209 210 6f03a4b-6f03a4f 208->210 212 6f03ab3-6f03aef 209->212 213 6f03bea-6f03bf3 209->213 210->209 211 6f03a51-6f03a7b 210->211 220 6f03a89-6f03aa6 call 6f02380 211->220 221 6f03a7d-6f03a7f 211->221 224 6f03af1-6f03af3 212->224 225 6f03afd-6f03b0b 212->225 213->184 213->190 220->209 221->220 224->225 228 6f03b22-6f03b2d 225->228 229 6f03b0d-6f03b18 225->229 233 6f03b45-6f03b56 228->233 234 6f03b2f-6f03b35 228->234 229->228 232 6f03b1a 229->232 232->228 238 6f03b58-6f03b5e 233->238 239 6f03b6e-6f03b7a 233->239 235 6f03b37 234->235 236 6f03b39-6f03b3b 234->236 235->233 236->233 240 6f03b60 238->240 241 6f03b62-6f03b64 238->241 243 6f03b92-6f03be3 239->243 244 6f03b7c-6f03b82 239->244 240->239 241->239 243->213 245 6f03b84 244->245 246 6f03b86-6f03b88 244->246 245->243 246->243 254->144 255->144
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-3723351465
                                                                    • Opcode ID: 5bbe6a996681607896d80f660cc778ae0c30c9bc0e46146515c776118149c55c
                                                                    • Instruction ID: c0571b9b65e9ac9c10d0a000e2c94cd4ae0865083b61f7afe9305cb5f8d0209c
                                                                    • Opcode Fuzzy Hash: 5bbe6a996681607896d80f660cc778ae0c30c9bc0e46146515c776118149c55c
                                                                    • Instruction Fuzzy Hash: 91325F31E1061ACFDB15DF79D89469DB3B6FFC9300F10C66AD449AB264EB30A985CB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-3723351465
                                                                    • Opcode ID: a36035aa6ae26e06a3053dfc7b1a716207584e49105fbfdc7d924986b3742fe9
                                                                    • Instruction ID: f5a1eac950b9af68c6b83808c077a0065fce5e0708130588863a24eb69b90ff5
                                                                    • Opcode Fuzzy Hash: a36035aa6ae26e06a3053dfc7b1a716207584e49105fbfdc7d924986b3742fe9
                                                                    • Instruction Fuzzy Hash: E3026C70E1020A8FEFA4CF68D580BADB7B6FB45310F10892AD415EB295DB36ED45DB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $
                                                                    • API String ID: 0-3993045852
                                                                    • Opcode ID: b42447a00843bdb4dd5293ba73bdc5f3040b495023395758f78e3251c4b412ad
                                                                    • Instruction ID: 340e9324a5727d4db2882692de5e76b43a1dcb29998582fc5c69f6ffdf80fc82
                                                                    • Opcode Fuzzy Hash: b42447a00843bdb4dd5293ba73bdc5f3040b495023395758f78e3251c4b412ad
                                                                    • Instruction Fuzzy Hash: 4622A075E002198FEF64DBA4C6806AEBBB2EF85310F208569D819EB380DB75DD41DF91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 97fa0613980065e5b93f3bc703b6d9324001e20ab9111591578963d63b6b2f44
                                                                    • Instruction ID: 71d904f28b126dcc245dc1e085bee4a97d22c5008681dedf5b0ec55ef8321a26
                                                                    • Opcode Fuzzy Hash: 97fa0613980065e5b93f3bc703b6d9324001e20ab9111591578963d63b6b2f44
                                                                    • Instruction Fuzzy Hash: BF629C34E002058FEB54DB68D594AADB7F6EF88314F148969E809EB394DB35EC42DB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9d211db1195adf6fbd6baa3814ec7def85aefad97f5264bff5cbebc6552ea061
                                                                    • Instruction ID: 8dba309dfd4a76348aa737656d42d2132293f5a36f002c88a6b6d32f87613366
                                                                    • Opcode Fuzzy Hash: 9d211db1195adf6fbd6baa3814ec7def85aefad97f5264bff5cbebc6552ea061
                                                                    • Instruction Fuzzy Hash: 4A225D34E1010A9FEFA4CF68D5907ADB7B6FB49310F208926E405DB3D5CA36DD819B91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-1273862796
                                                                    • Opcode ID: 9f54140ebc57e8d6d69eb58d216fbdb1d5a5284d7115f5ac5b92607d79e8700f
                                                                    • Instruction ID: 6d1a2f9a2b48fa474d989b94c8f88ac23e28bd57d0edc64ec74394c7f0de95ae
                                                                    • Opcode Fuzzy Hash: 9f54140ebc57e8d6d69eb58d216fbdb1d5a5284d7115f5ac5b92607d79e8700f
                                                                    • Instruction Fuzzy Hash: 09E15030E103098FDB69DF69D9906AEB7B6EF89304F108929D805DB395DB35EC46CB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: fbq$XPbq$\Obq
                                                                    • API String ID: 0-4057264190
                                                                    • Opcode ID: 61bc282423ec950776b6b77bec59ea9df3e88e14d3dfcc37f32626a296b6a6b3
                                                                    • Instruction ID: c768d4c24c672dd78e2818ddc5e842d0f255d3cc1c370680e5970c968c158905
                                                                    • Opcode Fuzzy Hash: 61bc282423ec950776b6b77bec59ea9df3e88e14d3dfcc37f32626a296b6a6b3
                                                                    • Instruction Fuzzy Hash: 9D616D30E102099FEF549FA9C8547AEBBF6FF88700F20842AD509EB391DB758D458B91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 1616 3158168-31581ba 1618 31581c2-31581ed DeleteFileW 1616->1618 1619 31581bc-31581bf 1616->1619 1620 31581f6-315821e 1618->1620 1621 31581ef-31581f5 1618->1621 1619->1618 1621->1620
                                                                    APIs
                                                                    • DeleteFileW.KERNELBASE(00000000), ref: 031581E0
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4476550062.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_3150000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: DeleteFile
                                                                    • String ID:
                                                                    • API String ID: 4033686569-0
                                                                    • Opcode ID: 84019980cfa7b6958db99e94c40eb7c7d59a1f16adf0644a874fc9d30e1aa6d6
                                                                    • Instruction ID: d3374d023e566fc91aad92500d65a734d87a42c68f080b7c77d4766166a171fb
                                                                    • Opcode Fuzzy Hash: 84019980cfa7b6958db99e94c40eb7c7d59a1f16adf0644a874fc9d30e1aa6d6
                                                                    • Instruction Fuzzy Hash: 282115B1D0065A9FCB14CF9AC54469EFBB4FB48310F15855AE818A7640D738AA44CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 1624 3158170-31581ba 1626 31581c2-31581ed DeleteFileW 1624->1626 1627 31581bc-31581bf 1624->1627 1628 31581f6-315821e 1626->1628 1629 31581ef-31581f5 1626->1629 1627->1626 1629->1628
                                                                    APIs
                                                                    • DeleteFileW.KERNELBASE(00000000), ref: 031581E0
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4476550062.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_3150000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: DeleteFile
                                                                    • String ID:
                                                                    • API String ID: 4033686569-0
                                                                    • Opcode ID: 59e5a5d7e7daa5eb55fb54fcc8285b4962646e70ebde114554f9cc9389a5c650
                                                                    • Instruction ID: 275ad5118fbd7bdb888a39d168a035a975c5add8b1a3dba082d2b422ac3fce18
                                                                    • Opcode Fuzzy Hash: 59e5a5d7e7daa5eb55fb54fcc8285b4962646e70ebde114554f9cc9389a5c650
                                                                    • Instruction Fuzzy Hash: EB1106B1D0065A9FCB14DF9AC54569EFBF4FF48320F14852AE828B7240D778A944CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 1632 315f088-315f0fc GlobalMemoryStatusEx 1634 315f105-315f12d 1632->1634 1635 315f0fe-315f104 1632->1635 1635->1634
                                                                    APIs
                                                                    • GlobalMemoryStatusEx.KERNELBASE ref: 0315F0EF
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4476550062.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_3150000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: GlobalMemoryStatus
                                                                    • String ID:
                                                                    • API String ID: 1890195054-0
                                                                    • Opcode ID: 8e476fd2d99b1df28f1575859c6576af7a1701a032773e5b764676aa7da3b166
                                                                    • Instruction ID: 665dbf81ef031179e2ee8c8fb6f67f9b8b99e116577c3c2dd3ed6ab5584d9390
                                                                    • Opcode Fuzzy Hash: 8e476fd2d99b1df28f1575859c6576af7a1701a032773e5b764676aa7da3b166
                                                                    • Instruction Fuzzy Hash: AD11E2B1C00659DBCB10DF9AC544A9EFBF4AF48320F15856AE828B7240D778A945CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 1638 315f087-315f0fc GlobalMemoryStatusEx 1640 315f105-315f12d 1638->1640 1641 315f0fe-315f104 1638->1641 1641->1640
                                                                    APIs
                                                                    • GlobalMemoryStatusEx.KERNELBASE ref: 0315F0EF
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4476550062.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_3150000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID: GlobalMemoryStatus
                                                                    • String ID:
                                                                    • API String ID: 1890195054-0
                                                                    • Opcode ID: c6b9dbb49c1eb00bf3f2e205ace417418dc340329a2990ddcd50a7631e99f8f2
                                                                    • Instruction ID: 31d95841fc47ea953f93b0a04489e23f67116f0340bdd894d4b2f44e49b86789
                                                                    • Opcode Fuzzy Hash: c6b9dbb49c1eb00bf3f2e205ace417418dc340329a2990ddcd50a7631e99f8f2
                                                                    • Instruction Fuzzy Hash: F411E2B1C00659DBCB10DF9AC54579EFBF4AF08310F15856AE828B7240D378A945CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_2fcd000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f9cdd8018273699f7e80f2fac635c9580d3bc11b429aa57ed178db3a7552c9e4
                                                                    • Instruction ID: e5fcfe6d0c76ef23c8325c5a235b18cef3c0ba0a39534b34ebcd73f2a21d0c1b
                                                                    • Opcode Fuzzy Hash: f9cdd8018273699f7e80f2fac635c9580d3bc11b429aa57ed178db3a7552c9e4
                                                                    • Instruction Fuzzy Hash: 1A212571644205DFDB14DF18DAC0B2ABB65FB84724F30C57DDA0A0B25AC33AD406CA62
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5b325923f875a5fd83c9afa615e6d3c21af5586cd4f31d27835ca18bcba26853
                                                                    • Instruction ID: 62ff16e40645cd178766067c060f9e29b7656328c54f5e590530b417c352a69a
                                                                    • Opcode Fuzzy Hash: 5b325923f875a5fd83c9afa615e6d3c21af5586cd4f31d27835ca18bcba26853
                                                                    • Instruction Fuzzy Hash: 5B21DF31F101199FEF94DA69E8547AEBBBBEB88310F209465E409E7380DB31EC118B81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f6ac9f9d3c2c732bf309dd1a18107cec046be5976f0be74699ceba0bea8a5270
                                                                    • Instruction ID: 71a8046ef8ef4e0e9a4de12078d095f88d90c7a2b41c404521e2bb3930e5d06d
                                                                    • Opcode Fuzzy Hash: f6ac9f9d3c2c732bf309dd1a18107cec046be5976f0be74699ceba0bea8a5270
                                                                    • Instruction Fuzzy Hash: 2A11A132B141258FEF48D678DC146AE73EAEBC8351F008539D50AE7380EE6ADC069BD1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a58427cb295fb4c7cf77955ee8d351b43c37dffe122b0c0357d7224f5a728698
                                                                    • Instruction ID: 1900e0dbaea6958cee6d2467070822c5dfa2dd25e949a7734f5c1dfd90a32472
                                                                    • Opcode Fuzzy Hash: a58427cb295fb4c7cf77955ee8d351b43c37dffe122b0c0357d7224f5a728698
                                                                    • Instruction Fuzzy Hash: E121C0B5D01219AFCB00DF9AD985ADEFBB4FF09310F10852AE518B7240C375A544CBA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fafc713f4751a989cf813db4298864cd0ac43ebcc3ef4a4153ee517c49c0a47c
                                                                    • Instruction ID: 34b080c0f18bd2aa65fc0eb7bdeae0e2c0a2e56a1a75dabeae2d2c230530e248
                                                                    • Opcode Fuzzy Hash: fafc713f4751a989cf813db4298864cd0ac43ebcc3ef4a4153ee517c49c0a47c
                                                                    • Instruction Fuzzy Hash: 17017132B140155FEF5895789C146BF72EEABC8351F044635D60AE32D4EE65CC065BD2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: edad7d47994913bbf87dc93a2acd18a3c2650f92db1078b748d6a7585e5b5591
                                                                    • Instruction ID: e2cec834716695e57a3709ac75b72e8151a4f73506f63ab2ab7e1432d2eba16c
                                                                    • Opcode Fuzzy Hash: edad7d47994913bbf87dc93a2acd18a3c2650f92db1078b748d6a7585e5b5591
                                                                    • Instruction Fuzzy Hash: 9C01B539F101108FEB659ABDD85472EA7DADBC9320F10882AE52EC73D5EE24DC054791
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e3f8d0dd70b953f527c64e280349fd0135ed017d9105a0d594039892ffb5dbd1
                                                                    • Instruction ID: 80c7de0898aebe82e7f12f306da233d41ecb971aa320756d5788c261602013f3
                                                                    • Opcode Fuzzy Hash: e3f8d0dd70b953f527c64e280349fd0135ed017d9105a0d594039892ffb5dbd1
                                                                    • Instruction Fuzzy Hash: F411C2B1D01219AFCB00DF9AD884ADEFBF4FB49310F10852AE518A7240C374A944CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c82149ac054097b5f221639262fedd92a7be979dc494f2164238b53a41e1acad
                                                                    • Instruction ID: 0268c1f2718d5980a882319dab6a8dcf460db0c7b8039d25f51d2f082bc1acaf
                                                                    • Opcode Fuzzy Hash: c82149ac054097b5f221639262fedd92a7be979dc494f2164238b53a41e1acad
                                                                    • Instruction Fuzzy Hash: C901A235F101148FEF6596AED45472BB7DADBC9710F10883AE61EC7384DE65DC028391
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2562b02d136f3cad43d59b094c85df08a78408d8529746f4a8aba8fc02f575e5
                                                                    • Instruction ID: b5d8fb68d781858d70796120f2bef026f249306171a35b6818983a5f2b73fb7a
                                                                    • Opcode Fuzzy Hash: 2562b02d136f3cad43d59b094c85df08a78408d8529746f4a8aba8fc02f575e5
                                                                    • Instruction Fuzzy Hash: 6F01DF35F100118FEB65966DE45872BA7DADBC9310F10882AE51EC7384DE60DC068381
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 217c90ec41521343a01b372198fb4cf6b104705eeb1a7f32951ad32502930f48
                                                                    • Instruction ID: 6a40fecc8093d87de1f39d6ff44da721b93ef80250e6053bc6d1033427b63a50
                                                                    • Opcode Fuzzy Hash: 217c90ec41521343a01b372198fb4cf6b104705eeb1a7f32951ad32502930f48
                                                                    • Instruction Fuzzy Hash: 3A01A735E102289BDF549A79E840A9EB779FBC9324F105A39E915E72C4DB31A8048BC5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f7bbeb0aa45ee4cdad110d162a6e37caf4206dc69ec785c821a90503f8773278
                                                                    • Instruction ID: c30560a175ce3ac0a81647ac8b630270cef95ff6350cb1a5814855552ead6059
                                                                    • Opcode Fuzzy Hash: f7bbeb0aa45ee4cdad110d162a6e37caf4206dc69ec785c821a90503f8773278
                                                                    • Instruction Fuzzy Hash: 1D018C76F101214FEB759A6DD85872E67DADBC9614F10882AE90AC7380DE25DC024381
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d903b76ffb076faa6a2cc0d35becf6daac187dfd94d1beb5111425a5cd306108
                                                                    • Instruction ID: a1622ec614480fdabac7638b8f3faf7356dc6ba9c1e100023a3480b795044af4
                                                                    • Opcode Fuzzy Hash: d903b76ffb076faa6a2cc0d35becf6daac187dfd94d1beb5111425a5cd306108
                                                                    • Instruction Fuzzy Hash: 3E01D136F101110FEBA0D678E96676E67D6DB8D710F109839E10EC7391EE26EC028781
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4de54e1d6076308420cf27156d5f3cf92458f423d5b4217111737ee540afa107
                                                                    • Instruction ID: 9df734e8a766e8996d1465a07a30dde1b2a8dbdeadb811439434518194d94af9
                                                                    • Opcode Fuzzy Hash: 4de54e1d6076308420cf27156d5f3cf92458f423d5b4217111737ee540afa107
                                                                    • Instruction Fuzzy Hash: 33018131F102154FDB61DA7DE965B6E77DADB8D710F108839E10AC7391EE26EC029781
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 595765b634afd86d217c002f84e9359ace4bd6b40fa41e43f3bc178c8596a620
                                                                    • Instruction ID: dd300706bd8adbb15ee1c73fc2701617b096b1d00fb0ac3054f341e782e825c9
                                                                    • Opcode Fuzzy Hash: 595765b634afd86d217c002f84e9359ace4bd6b40fa41e43f3bc178c8596a620
                                                                    • Instruction Fuzzy Hash: DF01A435F202289BDF549A79E840AAEB7B9FB89314F104539E905EB384DB35AC048BC5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.4519734344.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_6f00000_CmxzrHBB.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0b37480c6242d52a60a488f8f438ef50d831e5f28d637559665679fcf7707cd3
                                                                    • Instruction ID: da36cf417cbe3c3672110cedb848b0a846b628e3e54ae9b9b043051158346b22
                                                                    • Opcode Fuzzy Hash: 0b37480c6242d52a60a488f8f438ef50d831e5f28d637559665679fcf7707cd3
                                                                    • Instruction Fuzzy Hash: 85E0D879D19288AFEFA0CFB49E9936D3BB4AF02108F2045E6C448D7182D176CA15D340
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%