Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report xD2TnigEaY

Overview

General Information

Sample Name:xD2TnigEaY (renamed file extension from none to exe)
Analysis ID:553367
MD5:07dd723a06bb89dc1bdce3cc56f1cf20
SHA1:d36a56e3aa33c602cbb405dc6dd7425e17cf4672
SHA256:d56f880cb8c35e66750faa6ae9284f0eb2383cec287e8cef4f85122fe90d4305
Tags:32exeRedLineStealer
Infos:

Most interesting Screenshot:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to steal Crypto Currency Wallets
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc)
Is looking for software installed on the system
Uses 32bit PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected TCP or UDP traffic on non-standard ports
Internet Provider seen in connection with other malware
Binary contains a suspicious time stamp
Detected potential crypto function
Yara detected Credential Stealer
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Contains long sleeps (>= 3 min)
Enables debug privileges

Classification

Process Tree

  • System is w10x64
  • xD2TnigEaY.exe (PID: 5128 cmdline: "C:\Users\user\Desktop\xD2TnigEaY.exe" MD5: 07DD723A06BB89DC1BDCE3CC56F1CF20)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["208.167.249.72:2943"], "Bot Id": "Result"}

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
xD2TnigEaY.exeJoeSecurity_RedLineYara detected RedLine StealerJoe Security

    PCAP (Network Traffic)

    SourceRuleDescriptionAuthorStrings
    dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000000.341469282.00000000001E2000.00000002.00020000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000000.00000002.397709229.00000000001E2000.00000002.00020000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              Process Memory Space: xD2TnigEaY.exe PID: 5128JoeSecurity_RedLineYara detected RedLine StealerJoe Security
                Click to see the 1 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                0.2.xD2TnigEaY.exe.1e0000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  0.0.xD2TnigEaY.exe.1e0000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security

                    Sigma Overview

                    No Sigma rule has matched

                    Jbx Signature Overview

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection:

                    barindex
                    Antivirus / Scanner detection for submitted sampleShow sources
                    Source: xD2TnigEaY.exeAvira: detected
                    Found malware configurationShow sources
                    Source: 0.2.xD2TnigEaY.exe.1e0000.0.unpackMalware Configuration Extractor: RedLine {"C2 url": ["208.167.249.72:2943"], "Bot Id": "Result"}
                    Multi AV Scanner detection for submitted fileShow sources
                    Source: xD2TnigEaY.exeVirustotal: Detection: 65%Perma Link
                    Source: xD2TnigEaY.exeReversingLabs: Detection: 83%
                    Antivirus detection for URL or domainShow sources
                    Source: http://tempuri.org/Entity/Id22ResponseH0fAvira URL Cloud: Label: phishing
                    Machine Learning detection for sampleShow sources
                    Source: xD2TnigEaY.exeJoe Sandbox ML: detected
                    Source: xD2TnigEaY.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                    Source: xD2TnigEaY.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                    Source: global trafficTCP traffic: 192.168.2.6:49758 -> 208.167.249.72:2943
                    Source: Joe Sandbox ViewASN Name: AS-CHOOPAUS AS-CHOOPAUS
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: unknownTCP traffic detected without corresponding DNS query: 208.167.249.72
                    Source: xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmpString found in binary or memory: ium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"*DivX Web Player*","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"*Google Earth*","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"*Google Talk*","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"*IBM*Java*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-java
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: m9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: http://forms.rea
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: http://go.micros
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: http://service.r
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: http://support.a
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399932623.0000000003812000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseH0f
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4yT
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
                    Source: xD2TnigEaY.exe, 00000000.00000002.399003702.0000000002A02000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399331879.0000000002B1D000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399057998.0000000002A28000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399691160.0000000003695000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000003.393215328.0000000003A80000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399932623.0000000003812000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399137901.0000000002A3F000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.400523351.0000000003BF7000.00000004.00000001.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: xD2TnigEaY.exeString found in binary or memory: https://api.ip.sb/ip
                    Source: xD2TnigEaY.exe, 00000000.00000002.399003702.0000000002A02000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399331879.0000000002B1D000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399057998.0000000002A28000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399691160.0000000003695000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000003.393215328.0000000003A80000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399932623.0000000003812000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399137901.0000000002A3F000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.400523351.0000000003BF7000.00000004.00000001.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: xD2TnigEaY.exe, 00000000.00000002.399003702.0000000002A02000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399331879.0000000002B1D000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399057998.0000000002A28000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399691160.0000000003695000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000003.393215328.0000000003A80000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399932623.0000000003812000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399137901.0000000002A3F000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.400523351.0000000003BF7000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: xD2TnigEaY.exe, 00000000.00000002.399003702.0000000002A02000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399331879.0000000002B1D000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399057998.0000000002A28000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399691160.0000000003695000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000003.393215328.0000000003A80000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399932623.0000000003812000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399137901.0000000002A3F000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.400523351.0000000003BF7000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: xD2TnigEaY.exe, 00000000.00000002.399003702.0000000002A02000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399331879.0000000002B1D000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399057998.0000000002A28000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399691160.0000000003695000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000003.393215328.0000000003A80000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399932623.0000000003812000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399137901.0000000002A3F000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.400523351.0000000003BF7000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: https://get.adob
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: https://helpx.ad
                    Source: xD2TnigEaY.exe, 00000000.00000002.399003702.0000000002A02000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399331879.0000000002B1D000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399057998.0000000002A28000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399691160.0000000003695000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000003.393215328.0000000003A80000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399932623.0000000003812000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399137901.0000000002A3F000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.400523351.0000000003BF7000.00000004.00000001.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                    Source: xD2TnigEaY.exe, 00000000.00000002.399003702.0000000002A02000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399331879.0000000002B1D000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399057998.0000000002A28000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399691160.0000000003695000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000003.393215328.0000000003A80000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399932623.0000000003812000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399137901.0000000002A3F000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.400523351.0000000003BF7000.00000004.00000001.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_java
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_real
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
                    Source: xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784
                    Source: xD2TnigEaY.exe, 00000000.00000002.399003702.0000000002A02000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399331879.0000000002B1D000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399057998.0000000002A28000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399691160.0000000003695000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000003.393215328.0000000003A80000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399932623.0000000003812000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399137901.0000000002A3F000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.400523351.0000000003BF7000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: xD2TnigEaY.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                    Source: xD2TnigEaY.exe, 00000000.00000000.341485356.00000000001FC000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameBiphenyl.exe4 vs xD2TnigEaY.exe
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs xD2TnigEaY.exe
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpBinary or memory string: OriginalFilename vs xD2TnigEaY.exe
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpBinary or memory string: m,\\StringFileInfo\\040904B0\\OriginalFilename vs xD2TnigEaY.exe
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXE.MUID vs xD2TnigEaY.exe
                    Source: xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXED vs xD2TnigEaY.exe
                    Source: xD2TnigEaY.exeBinary or memory string: OriginalFilenameBiphenyl.exe4 vs xD2TnigEaY.exe
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeCode function: 0_2_0091EC280_2_0091EC28
                    Source: xD2TnigEaY.exeVirustotal: Detection: 65%
                    Source: xD2TnigEaY.exeReversingLabs: Detection: 83%
                    Source: xD2TnigEaY.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeFile created: C:\Users\user\AppData\Local\YandexJump to behavior
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/1@0/1
                    Source: xD2TnigEaY.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: xD2TnigEaY.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                    Source: xD2TnigEaY.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeCode function: 0_2_00913C58 push esp; iretd 0_2_00913C91
                    Source: xD2TnigEaY.exeStatic PE information: 0xB1F9532C [Thu Aug 14 02:36:28 2064 UTC]
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion:

                    barindex
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)Show sources
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)Show sources
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeWindow / User API: threadDelayed 760Jump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeWindow / User API: threadDelayed 3053Jump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exe TID: 5040Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exe TID: 1684Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Users\user\Desktop\xD2TnigEaY.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information:

                    barindex
                    Yara detected RedLine StealerShow sources
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: xD2TnigEaY.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.2.xD2TnigEaY.exe.1e0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.0.xD2TnigEaY.exe.1e0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.341469282.00000000001E2000.00000002.00020000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.397709229.00000000001E2000.00000002.00020000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: xD2TnigEaY.exe PID: 5128, type: MEMORYSTR
                    Tries to steal Crypto Currency WalletsShow sources
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Found many strings related to Crypto-Wallets (likely being stolen)Show sources
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmpString found in binary or memory: %appdata%\Electrum\wallets
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmpString found in binary or memory: m4C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmpString found in binary or memory: m-cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmpString found in binary or memory: %appdata%\Ethereum\wallets
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmpString found in binary or memory: %appdata%\Ethereum\wallets
                    Source: xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmpString found in binary or memory: m8C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                    Tries to harvest and steal browser information (history, passwords, etc)Show sources
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Users\user\Desktop\xD2TnigEaY.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                    Source: Yara matchFile source: 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: xD2TnigEaY.exe PID: 5128, type: MEMORYSTR

                    Remote Access Functionality:

                    barindex
                    Yara detected RedLine StealerShow sources
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: xD2TnigEaY.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.2.xD2TnigEaY.exe.1e0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.0.xD2TnigEaY.exe.1e0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.341469282.00000000001E2000.00000002.00020000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.397709229.00000000001E2000.00000002.00020000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: xD2TnigEaY.exe PID: 5128, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                    Valid AccountsWindows Management Instrumentation221Path InterceptionPath InterceptionMasquerading1OS Credential Dumping1Security Software Discovery22Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                    Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemoryProcess Discovery11Remote Desktop ProtocolData from Local System3Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion231Security Account ManagerVirtualization/Sandbox Evasion231SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information1NTDSApplication Window Discovery1Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                    Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptTimestomp1LSA SecretsSystem Information Discovery123SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    xD2TnigEaY.exe65%VirustotalBrowse
                    xD2TnigEaY.exe84%ReversingLabsByteCode-MSIL.Infostealer.RedLine
                    xD2TnigEaY.exe100%AviraHEUR/AGEN.1145065
                    xD2TnigEaY.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    SourceDetectionScannerLabelLinkDownload
                    0.2.xD2TnigEaY.exe.1e0000.0.unpack100%AviraHEUR/AGEN.1145065Download File
                    0.0.xD2TnigEaY.exe.1e0000.0.unpack100%AviraHEUR/AGEN.1145065Download File

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://service.r0%URL Reputationsafe
                    http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                    http://tempuri.org/0%URL Reputationsafe
                    http://tempuri.org/Entity/Id2Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id90%URL Reputationsafe
                    http://tempuri.org/Entity/Id80%URL Reputationsafe
                    http://tempuri.org/Entity/Id50%URL Reputationsafe
                    http://tempuri.org/Entity/Id70%URL Reputationsafe
                    http://tempuri.org/Entity/Id60%URL Reputationsafe
                    http://tempuri.org/Entity/Id19Response0%URL Reputationsafe
                    http://www.interoperabilitybridges.com/wmp-extension-for-chrome0%URL Reputationsafe
                    http://tempuri.org/Entity/Id15Response0%URL Reputationsafe
                    http://support.a0%URL Reputationsafe
                    http://tempuri.org/Entity/Id6Response0%URL Reputationsafe
                    https://api.ip.sb/ip0%URL Reputationsafe
                    http://tempuri.org/Entity/Id9Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id200%URL Reputationsafe
                    http://tempuri.org/Entity/Id210%URL Reputationsafe
                    http://tempuri.org/Entity/Id220%URL Reputationsafe
                    http://tempuri.org/Entity/Id230%URL Reputationsafe
                    http://tempuri.org/Entity/Id240%URL Reputationsafe
                    http://tempuri.org/Entity/Id24Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id1Response0%URL Reputationsafe
                    http://forms.rea0%URL Reputationsafe
                    http://tempuri.org/Entity/Id22ResponseH0f100%Avira URL Cloudphishing
                    http://tempuri.org/Entity/Id100%URL Reputationsafe
                    http://tempuri.org/Entity/Id110%URL Reputationsafe
                    http://tempuri.org/Entity/Id120%URL Reputationsafe
                    http://tempuri.org/Entity/Id16Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id130%URL Reputationsafe
                    http://tempuri.org/Entity/Id140%URL Reputationsafe
                    http://tempuri.org/Entity/Id150%URL Reputationsafe
                    http://tempuri.org/Entity/Id160%URL Reputationsafe
                    http://tempuri.org/Entity/Id170%URL Reputationsafe
                    http://tempuri.org/Entity/Id180%URL Reputationsafe
                    http://tempuri.org/Entity/Id5Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id190%URL Reputationsafe
                    http://tempuri.org/Entity/Id10Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id8Response0%URL Reputationsafe

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/ws/2005/02/sc/sctxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                        		high
                        https://duckduckgo.com/chrome_newtabxD2TnigEaY.exe, 00000000.00000002.399003702.0000000002A02000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399331879.0000000002B1D000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399057998.0000000002A28000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399691160.0000000003695000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000003.393215328.0000000003A80000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399932623.0000000003812000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399137901.0000000002A3F000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.400523351.0000000003BF7000.00000004.00000001.sdmpfalse
                          		high
                          http://service.rxD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                            		high
                            https://duckduckgo.com/ac/?q=xD2TnigEaY.exe, 00000000.00000002.399003702.0000000002A02000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399331879.0000000002B1D000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399057998.0000000002A28000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399691160.0000000003695000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000003.393215328.0000000003A80000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399932623.0000000003812000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399137901.0000000002A3F000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.400523351.0000000003BF7000.00000004.00000001.sdmpfalse
                              		high
                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                		high
                                http://tempuri.org/Entity/Id12ResponsexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://tempuri.org/xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://tempuri.org/Entity/Id2ResponsexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                  		high
                                  http://tempuri.org/Entity/Id21ResponsexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id9xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                      		high
                                      http://tempuri.org/Entity/Id8xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id5xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/PreparexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                        		high
                                        http://tempuri.org/Entity/Id7xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://tempuri.org/Entity/Id6xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                          		high
                                          https://support.google.com/chrome/?p=plugin_realxD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id19ResponsexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licensexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                              		high
                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssuexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                		high
                                                http://www.interoperabilitybridges.com/wmp-extension-for-chromexD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequencexD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                    		high
                                                    https://support.google.com/chrome/?p=plugin_pdfxD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/faultxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2004/10/wsatxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                          		high
                                                          http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                            		high
                                                            http://tempuri.org/Entity/Id15ResponsexD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                              		high
                                                              http://forms.real.com/real/realone/download.html?type=rpsp_usxD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpfalse
                                                                		high
                                                                http://support.axD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                  		high
                                                                  http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    http://tempuri.org/Entity/Id6ResponsexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      https://api.ip.sb/ipxD2TnigEaY.exefalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exexD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        https://support.google.com/chrome/?p=plugin_quicktimexD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2004/04/scxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                http://tempuri.org/Entity/Id9ResponsexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=xD2TnigEaY.exe, 00000000.00000002.399003702.0000000002A02000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399331879.0000000002B1D000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399057998.0000000002A28000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399691160.0000000003695000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000003.393215328.0000000003A80000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399932623.0000000003812000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399137901.0000000002A3F000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.400523351.0000000003BF7000.00000004.00000001.sdmpfalse
                                                                                  		high
                                                                                  http://tempuri.org/Entity/Id20xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399932623.0000000003812000.00000004.00000001.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://tempuri.org/Entity/Id21xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://tempuri.org/Entity/Id22xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    http://tempuri.org/Entity/Id23xD2TnigEaY.exe, 00000000.00000002.398707670.00000000027F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      http://tempuri.org/Entity/Id24xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssuexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        http://tempuri.org/Entity/Id24ResponsexD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        http://tempuri.org/Entity/Id1ResponsexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedxD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/08/addressingxD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        https://support.google.com/chrome/?p=plugin_shockwavexD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          http://forms.reaxD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssuexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              http://tempuri.org/Entity/Id22ResponseH0fxD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmptrue
                                                                                                              • Avira URL Cloud: phishing
                                                                                                              		unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/trustxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                http://tempuri.org/Entity/Id10xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id11xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id12xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id16ResponsexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://tempuri.org/Entity/Id13xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://tempuri.org/Entity/Id14xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://tempuri.org/Entity/Id15xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://tempuri.org/Entity/Id16xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/NoncexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://tempuri.org/Entity/Id17xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://tempuri.org/Entity/Id18xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://tempuri.org/Entity/Id5ResponsexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://tempuri.org/Entity/Id19xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://schemas.xmlsoap.org/ws/2004/08/addressing/faultDxD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsxD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://tempuri.org/Entity/Id10ResponsexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RenewxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://tempuri.org/Entity/Id8ResponsexD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            https://support.google.com/chrome/?p=plugin_wmpxD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0xD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://support.google.com/chrome/answer/6258784xD2TnigEaY.exe, 00000000.00000002.398891372.0000000002929000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399537054.0000000002BE4000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399395155.0000000002B33000.00000004.00000001.sdmp, xD2TnigEaY.exe, 00000000.00000002.399225008.0000000002A72000.00000004.00000001.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2006/02/addressingidentityxD2TnigEaY.exe, 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://schemas.xmlsoap.org/soap/envelope/xD2TnigEaY.exe, 00000000.00000002.398534223.0000000002661000.00000004.00000001.sdmpfalse
                                                                                                                                            		high

                                                                                                                                            Contacted IPs

                                                                                                                                            • No. of IPs < 25%
                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                            • 75% < No. of IPs

                                                                                                                                            Public

                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                            208.167.249.72
                                                                                                                                            		unknownUnited States
                                                                                                                                            		20473AS-CHOOPAUStrue

                                                                                                                                            General Information

                                                                                                                                            Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                                            Analysis ID:553367
                                                                                                                                            Start date:14.01.2022
                                                                                                                                            Start time:19:07:32
                                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                                            Overall analysis duration:0h 6m 56s
                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                            Report type:full
                                                                                                                                            Sample file name:xD2TnigEaY (renamed file extension from none to exe)
                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                            Number of analysed new started processes analysed:23
                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                            Technologies:
                                                                                                                                            • HCA enabled
                                                                                                                                            • EGA enabled
                                                                                                                                            • HDC enabled
                                                                                                                                            • AMSI enabled
                                                                                                                                            Analysis Mode:default
                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                            Detection:MAL
                                                                                                                                            Classification:mal100.troj.spyw.evad.winEXE@1/1@0/1
                                                                                                                                            EGA Information:Failed
                                                                                                                                            HDC Information:
                                                                                                                                            • Successful, ratio: 0.3% (good quality ratio 0.1%)
                                                                                                                                            • Quality average: 24.2%
                                                                                                                                            • Quality standard deviation: 35.4%
                                                                                                                                            HCA Information:
                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                            • Number of executed functions: 86
                                                                                                                                            • Number of non-executed functions: 8
                                                                                                                                            Cookbook Comments:
                                                                                                                                            • Adjust boot time
                                                                                                                                            • Enable AMSI
                                                                                                                                            Warnings:
                                                                                                                                            Show All
                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                                            • Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                                                                                                            • Execution Graph export aborted for target xD2TnigEaY.exe, PID 5128 because it is empty
                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                            Simulations

                                                                                                                                            Behavior and APIs

                                                                                                                                            TimeTypeDescription
                                                                                                                                            19:08:54API Interceptor21x Sleep call for process: xD2TnigEaY.exe modified

                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                            IPs

                                                                                                                                            No context

                                                                                                                                            Domains

                                                                                                                                            No context

                                                                                                                                            ASN

                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                            AS-CHOOPAUSnIQCsrVbbw.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            hPJnda9rBy.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            1nJGU59JPU.exeGet hashmaliciousBrowse
                                                                                                                                            • 136.244.117.138
                                                                                                                                            kGl1qp3Ox8.exeGet hashmaliciousBrowse
                                                                                                                                            • 149.28.78.238
                                                                                                                                            OZra.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            RQ6mxb6ssDtBoLUIE.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            EcJ8rbg.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            Comrpobante_60.vbsGet hashmaliciousBrowse
                                                                                                                                            • 149.248.50.230
                                                                                                                                            sample.jsGet hashmaliciousBrowse
                                                                                                                                            • 45.76.154.237
                                                                                                                                            gyZm68Cgwf.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            5o8zdV3GU3.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            aoPHg7b78c.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            xxWrY2YG7s.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            7MhGa3iotM.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            vHwdqVl8yP.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            M2hsMd9hTq.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            wg1bXKYOOs.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            8ozP45Xn3V.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149
                                                                                                                                            pugKLanrj3.dllGet hashmaliciousBrowse
                                                                                                                                            • 66.42.57.149

                                                                                                                                            JA3 Fingerprints

                                                                                                                                            No context

                                                                                                                                            Dropped Files

                                                                                                                                            No context

                                                                                                                                            Created / dropped Files

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\xD2TnigEaY.exe.log
                                                                                                                                            Process:C:\Users\user\Desktop\xD2TnigEaY.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2291
                                                                                                                                            Entropy (8bit):5.3192079301865585
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:MOfHK5HKXAHKhBHKdHKB1AHKzvQTHmYHKhQnoPtHoxHImHKoLHG1qHjHKdHAHDJn:vq5qXAqLqdqUqzcGYqhQnoPtIxHbqoL1
                                                                                                                                            MD5:B8B968C6C5994E11C0AEF299F6CC13DF
                                                                                                                                            SHA1:60351148A0D29E39DF51AE7F8D6DA7653E31BCF9
                                                                                                                                            SHA-256:DD53198266985E5C23239DCDDE91B25CF1FC1F4266B239533C11DDF0EF0F958D
                                                                                                                                            SHA-512:CFBCFCB650EF8C84A4BA005404E90ECAC9E77BDB618F53CD5948C085E44D099183C97C1D818A905B16C5E495FF167BD47347B14670A6E68801B0C01BC264F168
                                                                                                                                            Malicious:true
                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                            Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\34957343ad5d84daee97a1affda91665\System.Runtime.Serialization.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"System.ServiceModel.Internals, Version=4.0.0.0, Culture=

                                                                                                                                            Static File Info

                                                                                                                                            General

                                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Entropy (8bit):5.771488269227702
                                                                                                                                            TrID:
                                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                            File name:xD2TnigEaY.exe
                                                                                                                                            File size:106496
                                                                                                                                            MD5:07dd723a06bb89dc1bdce3cc56f1cf20
                                                                                                                                            SHA1:d36a56e3aa33c602cbb405dc6dd7425e17cf4672
                                                                                                                                            SHA256:d56f880cb8c35e66750faa6ae9284f0eb2383cec287e8cef4f85122fe90d4305
                                                                                                                                            SHA512:0d031e01c6f19357db61df8801971de597ad50a8a3822232f97b186aada2d7f2e9758d5d6d120b510f8e5eef61cb08020c5d308094a3ccee9364b9c51e8d60ed
                                                                                                                                            SSDEEP:1536:bUVrU5RhoBuHDZATQWxUYlTiF/YuXUrsbYpf8MeRToPvsS800s:bUVIfpHDi0WxVJiHErkz5TRZu
                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,S................0.................. ........@.. ....................................@................................

                                                                                                                                            File Icon

                                                                                                                                            Icon Hash:00828e8e8686b000

                                                                                                                                            Static PE Info

                                                                                                                                            General

                                                                                                                                            Entrypoint:0x4191ae
                                                                                                                                            Entrypoint Section:.text
                                                                                                                                            Digitally signed:false
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            Subsystem:windows gui
                                                                                                                                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                                                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                            Time Stamp:0xB1F9532C [Thu Aug 14 02:36:28 2064 UTC]
                                                                                                                                            TLS Callbacks:
                                                                                                                                            CLR (.Net) Version:v4.0.30319
                                                                                                                                            OS Version Major:4
                                                                                                                                            OS Version Minor:0
                                                                                                                                            File Version Major:4
                                                                                                                                            File Version Minor:0
                                                                                                                                            Subsystem Version Major:4
                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                            Entrypoint Preview

                                                                                                                                            Instruction
                                                                                                                                            jmp dword ptr [00402000h]
                                                                                                                                            popad
                                                                                                                                            add byte ptr [ebp+00h], dh
                                                                                                                                            je 00007FE5C4E833B2h
                                                                                                                                            outsd
                                                                                                                                            add byte ptr [esi+00h], ah
                                                                                                                                            imul eax, dword ptr [eax], 006C006Ch
                                                                                                                                            push eax
                                                                                                                                            add byte ptr [edx+00h], dh
                                                                                                                                            outsd
                                                                                                                                            add byte ptr [esi+00h], ah
                                                                                                                                            imul eax, dword ptr [eax], 0065006Ch
                                                                                                                                            jnc 00007FE5C4E833B2h
                                                                                                                                            push esp
                                                                                                                                            add byte ptr [edi+00h], ch
                                                                                                                                            je 00007FE5C4E833B2h
                                                                                                                                            popad
                                                                                                                                            add byte ptr [eax+eax+20h], ch
                                                                                                                                            add byte ptr [edi+00h], ch
                                                                                                                                            add byte ptr [eax], ah
                                                                                                                                            add byte ptr [edx+00h], dl
                                                                                                                                            inc ecx
                                                                                                                                            add byte ptr [ebp+00h], cl
                                                                                                                                            and eax, 53005500h
                                                                                                                                            add byte ptr [ebp+00h], al
                                                                                                                                            push edx
                                                                                                                                            add byte ptr [eax+00h], dl
                                                                                                                                            inc ebp
                                                                                                                                            add byte ptr [esi+00h], ch
                                                                                                                                            jbe 00007FE5C4E833B2h
                                                                                                                                            imul eax, dword ptr [eax], 006F0072h
                                                                                                                                            outsb
                                                                                                                                            add byte ptr [ebp+00h], ch
                                                                                                                                            add byte ptr [esi+00h], ch
                                                                                                                                            je 00007FE5C4E833B2h
                                                                                                                                            push edx
                                                                                                                                            add byte ptr [edi+00h], cl
                                                                                                                                            inc esi
                                                                                                                                            add byte ptr [ecx+00h], cl
                                                                                                                                            dec esp
                                                                                                                                            add byte ptr [ebp+00h], al
                                                                                                                                            and eax, 41005C00h
                                                                                                                                            add byte ptr [eax+00h], dh
                                                                                                                                            jo 00007FE5C4E833B2h
                                                                                                                                            inc esp
                                                                                                                                            add byte ptr [ebp+00h], al
                                                                                                                                            outsb
                                                                                                                                            add byte ptr [esi+00h], dh
                                                                                                                                            imul eax, dword ptr [eax], 006F0072h
                                                                                                                                            outsb
                                                                                                                                            add byte ptr [ebp+00h], ch
                                                                                                                                            add byte ptr [esi+00h], ch
                                                                                                                                            je 00007FE5C4E833B2h
                                                                                                                                            popad
                                                                                                                                            add byte ptr [eax+eax+61h], dh
                                                                                                                                            add byte ptr [eax+eax+52h], bl
                                                                                                                                            add byte ptr [edi+00h], ch
                                                                                                                                            popad
                                                                                                                                            add byte ptr [ebp+00h], al
                                                                                                                                            outsb
                                                                                                                                            add byte ptr [esi+00h], dh
                                                                                                                                            imul eax, dword ptr [eax], 006F0072h
                                                                                                                                            outsb
                                                                                                                                            add byte ptr [ebp+00h], ch
                                                                                                                                            add byte ptr [esi+00h], ch
                                                                                                                                            je 00007FE5C4E833B2h
                                                                                                                                            insd
                                                                                                                                            add byte ptr [ecx+00h], ch
                                                                                                                                            outsb
                                                                                                                                            add byte ptr [edi+00h], ah
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            inc ecx
                                                                                                                                            add byte ptr [eax+00h], dh
                                                                                                                                            jo 00007FE5C4E833B2h
                                                                                                                                            inc esp
                                                                                                                                            add byte ptr [ecx+00h], ah

                                                                                                                                            Data Directories

                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x1915c0x4f.text
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x1c0000x4dc.rsrc
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x1e0000xc.reloc
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x191400x1c.text
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                            Sections

                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                            .text0x20000x18d840x19000False0.43318359375data5.87919002445IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                            .rsrc0x1c0000x4dc0x800False0.2841796875data2.99852033217IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                            .reloc0x1e0000xc0x400False0.025390625data0.0558553080537IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                            Resources

                                                                                                                                            NameRVASizeTypeLanguageCountry
                                                                                                                                            RT_VERSION0x1c0900x24cdata
                                                                                                                                            RT_MANIFEST0x1c2ec0x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                                                                                            Imports

                                                                                                                                            DLLImport
                                                                                                                                            mscoree.dll_CorExeMain

                                                                                                                                            Version Infos

                                                                                                                                            DescriptionData
                                                                                                                                            Translation0x0000 0x04b0
                                                                                                                                            LegalCopyright
                                                                                                                                            Assembly Version0.0.0.0
                                                                                                                                            InternalNameBiphenyl.exe
                                                                                                                                            FileVersion0.0.0.0
                                                                                                                                            ProductVersion0.0.0.0
                                                                                                                                            FileDescription
                                                                                                                                            OriginalFilenameBiphenyl.exe

                                                                                                                                            Network Behavior

                                                                                                                                            Network Port Distribution

                                                                                                                                            TCP Packets

                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                            Jan 14, 2022 19:08:39.704179049 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:39.806344986 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:39.806483030 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:40.139121056 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:40.242077112 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:40.293113947 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:41.254631042 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:41.359790087 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:41.481159925 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:47.804213047 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:47.913950920 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:47.913996935 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:47.914026022 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:47.914129972 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:47.965620995 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:51.289343119 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:51.395407915 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:51.399336100 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:51.502145052 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:51.533360004 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:51.636004925 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:51.684915066 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:51.712976933 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:51.822846889 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:51.850059986 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:51.955535889 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:51.997251987 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:52.098799944 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:52.201138973 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:52.201544046 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:52.217940092 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:52.321124077 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:52.357084036 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:52.459476948 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:52.465296030 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:52.567934990 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:52.569504023 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:52.672255039 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:52.716039896 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:52.747411013 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:52.850101948 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:52.901273966 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.206932068 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.308820009 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.308845997 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.308936119 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.308996916 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.309159994 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.309204102 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.309217930 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.309242964 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.309289932 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.309323072 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.410912991 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.410953045 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.410978079 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.410999060 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.411039114 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.411068916 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.411153078 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.411197901 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.411250114 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.411276102 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.411315918 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.411422014 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.424961090 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513025999 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513045073 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513056993 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513068914 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513128996 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513139963 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513410091 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513422012 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513525963 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.513528109 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513540030 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513603926 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.513619900 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.513652086 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513664961 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513894081 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.513906002 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.514249086 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.514328957 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.514358997 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.514370918 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.514585018 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.515120983 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.515191078 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.615264893 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.615289927 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.615370035 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.615539074 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.615555048 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.615823030 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.615843058 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.615859985 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.616053104 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.616071939 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.616669893 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.616849899 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.617218971 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.617233992 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.617247105 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.617281914 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.617321968 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.617477894 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.617527008 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.618072987 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.618164062 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.719094992 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.719118118 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.719134092 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.719149113 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.719309092 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.719386101 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.719397068 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.719631910 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.719830036 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.720083952 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.720097065 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.720196962 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.720207930 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.720352888 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.720561028 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.720571995 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.720575094 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.720586061 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.720673084 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.721113920 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.721129894 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.721352100 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.721364021 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.721755981 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.721846104 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.822757006 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.822793961 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.822808027 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.822823048 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.822843075 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.822856903 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.822966099 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.822997093 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.823324919 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.823386908 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.823401928 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.823421001 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.823435068 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.823453903 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.823642969 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.823657990 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.823798895 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.823919058 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.823940039 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.824018955 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.824043036 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.824064970 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.824081898 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.824280024 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.824392080 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.824563980 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.824732065 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.824805021 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.926327944 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.926357985 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.926388025 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.926405907 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.926428080 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.926444054 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.926577091 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.926595926 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.926851988 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.926924944 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.926949024 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.926966906 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927124977 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927144051 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927166939 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927184105 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927207947 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927553892 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927572012 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927598953 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927824974 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927843094 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927867889 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927882910 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927900076 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.927978039 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.928086996 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.928388119 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.928409100 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.928431988 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.928448915 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.928471088 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.928625107 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:53.929167986 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:53.929256916 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:54.029994011 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.030023098 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.030190945 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.030213118 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.030239105 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.030419111 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.030483961 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.030637980 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.030761957 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.030786991 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.031146049 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.031191111 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.031210899 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.031456947 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.031476021 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.031754971 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.031776905 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.031801939 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.031877041 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.032159090 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.032234907 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.032260895 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.032313108 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:54.032488108 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.032562017 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.032870054 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.032886982 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.033077002 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.033140898 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.033251047 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.134159088 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.134180069 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.134201050 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.134212017 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.134474993 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.134778976 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.134800911 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.134812117 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.138832092 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:54.185070992 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:55.554924965 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:55.660350084 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:55.674540997 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:55.777008057 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:55.825804949 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:56.093106031 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:56.196429968 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:56.247904062 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:56.319555044 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:56.422635078 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:56.425731897 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:56.529135942 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:56.575721025 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:56.583161116 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:56.685986042 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:56.688508987 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:56.689225912 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:56.792829990 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:56.795186043 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:56.900238991 CET294349758208.167.249.72192.168.2.6
                                                                                                                                            Jan 14, 2022 19:08:56.950726032 CET497582943192.168.2.6208.167.249.72
                                                                                                                                            Jan 14, 2022 19:08:57.145457983 CET497582943192.168.2.6208.167.249.72

                                                                                                                                            Code Manipulations

                                                                                                                                            Statistics

                                                                                                                                            CPU Usage

                                                                                                                                            Click to jump to process

                                                                                                                                            Memory Usage

                                                                                                                                            Click to jump to process

                                                                                                                                            High Level Behavior Distribution

                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                            System Behavior

                                                                                                                                            Analysis Process: xD2TnigEaY.exe PID: 5128 Parent PID: 5772

                                                                                                                                            General

                                                                                                                                            Start time:19:08:30
                                                                                                                                            Start date:14/01/2022
                                                                                                                                            Path:C:\Users\user\Desktop\xD2TnigEaY.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\Desktop\xD2TnigEaY.exe"
                                                                                                                                            Imagebase:0x1e0000
                                                                                                                                            File size:106496 bytes
                                                                                                                                            MD5 hash:07DD723A06BB89DC1BDCE3CC56F1CF20
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.341469282.00000000001E2000.00000002.00020000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.397709229.00000000001E2000.00000002.00020000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.398592673.00000000026F0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                            Reputation:low

                                                                                                                                            Chronological Activities

                                                                                                                                            Disassembly

                                                                                                                                            Code Analysis

                                                                                                                                            Reset < >

                                                                                                                                              Analysis Process: xD2TnigEaY.exe PID: 5128 Parent PID: 5772 xD2TnigEaY.exeCOMMON

                                                                                                                                              Executed Functions

                                                                                                                                              Function 0091EC28, Relevance: 6.6, Strings: 5, Instructions: 376COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs$lfs$lfs$lfs$ rm
                                                                                                                                              • API String ID: 0-4068965147
                                                                                                                                              • Opcode ID: 18d0f92f5110da274b8e011cd1a163c16a85eb6345025aef0affa44e64fae969
                                                                                                                                              • Instruction ID: bd1cb2ef76bb963fe5fecee957a1e0885c327d6d9c9cbbb0ac3a11befe37dcb9
                                                                                                                                              • Opcode Fuzzy Hash: 18d0f92f5110da274b8e011cd1a163c16a85eb6345025aef0affa44e64fae969
                                                                                                                                              • Instruction Fuzzy Hash: C7D1C334B002588FDB14DBB9D894AAE7BFAEF89304B148469E905DB395DF34DC42CB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00915BA8, Relevance: 12.7, Strings: 10, Instructions: 202COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs$lfs$lfs$lfs$lfs$lfs$lfs$lfs$lfs$lfs
                                                                                                                                              • API String ID: 0-2089591847
                                                                                                                                              • Opcode ID: 090e4c074ce4e2d9165f92b6ce6a9380bab3fcfc25f1c363e1c89067ff362e0e
                                                                                                                                              • Instruction ID: bb0839f85707f7161953c2f646abfe56a3e07147b3c801273b0625b6d37caf09
                                                                                                                                              • Opcode Fuzzy Hash: 090e4c074ce4e2d9165f92b6ce6a9380bab3fcfc25f1c363e1c89067ff362e0e
                                                                                                                                              • Instruction Fuzzy Hash: C161E371B04514DFDF14ABB9E0545BE7ABBEBC5381B168439D902CB388DF398C428BA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091F088, Relevance: 6.7, Strings: 5, Instructions: 416COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs$lfs$lfs$lfs$lfs
                                                                                                                                              • API String ID: 0-2849839246
                                                                                                                                              • Opcode ID: ac9a04d4305614bb70ac71c0e9a22e848151d200af7d9547196721e2ca1a34bf
                                                                                                                                              • Instruction ID: 802f5953124955d8573ba0c06da630d56cfdcac052be3740ee3c4faf53c09daa
                                                                                                                                              • Opcode Fuzzy Hash: ac9a04d4305614bb70ac71c0e9a22e848151d200af7d9547196721e2ca1a34bf
                                                                                                                                              • Instruction Fuzzy Hash: 13E18C747042188FDB14DF78C4A8AAE7BB6EF89310B158469E906CB3A2DB35DC42CB51
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 009104C8, Relevance: 4.1, Strings: 3, Instructions: 377COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 8Ys$xTs${)n^
                                                                                                                                              • API String ID: 0-2173241241
                                                                                                                                              • Opcode ID: 0d8dd1f541502bec4503b9cb1ba2602a2ae131a7e766ee72f945d300864824e0
                                                                                                                                              • Instruction ID: ba7cecbce7de8e8c8dff1d21cc454dc96a4e7a246cfbe365fe2a3d8de7c53d5f
                                                                                                                                              • Opcode Fuzzy Hash: 0d8dd1f541502bec4503b9cb1ba2602a2ae131a7e766ee72f945d300864824e0
                                                                                                                                              • Instruction Fuzzy Hash: B5E19F31600214DFDB169FA0D914EA97BB7FF88300F0685A8E2099B272DB76DD91DF81
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 009104B9, Relevance: 4.1, Strings: 3, Instructions: 349COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 8Ys$xTs${)n^
                                                                                                                                              • API String ID: 0-2173241241
                                                                                                                                              • Opcode ID: 40e26fb95f710a6e6de237a84a3f7f584997f37d7bb0300827f8fb21da0d8c95
                                                                                                                                              • Instruction ID: 68b647e0832ca2a2a2e9b3e03f04fd9ae1d17c17951c2722f01980578686d9a9
                                                                                                                                              • Opcode Fuzzy Hash: 40e26fb95f710a6e6de237a84a3f7f584997f37d7bb0300827f8fb21da0d8c95
                                                                                                                                              • Instruction Fuzzy Hash: 09D16E32600215DFDB169FA1C914EA97BB7FF88310F0685E8E2099B272DB76D991DF40
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091E398, Relevance: 4.1, Strings: 3, Instructions: 344COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ,~<l$lfs$ rm
                                                                                                                                              • API String ID: 0-3432811736
                                                                                                                                              • Opcode ID: 7ff8b8d3af1529fe6307cc4c7ee05b2243b0b16b00c821d90c75157db9c73f94
                                                                                                                                              • Instruction ID: bee493223da870d605cc22e7de1dbd3bb17142aa9646b34411756733dbd750b8
                                                                                                                                              • Opcode Fuzzy Hash: 7ff8b8d3af1529fe6307cc4c7ee05b2243b0b16b00c821d90c75157db9c73f94
                                                                                                                                              • Instruction Fuzzy Hash: 87E11B34B00209DFDB14DFA5D994A9EBBB6FF88315F158928E9069B360DB74AC81CF50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091D440, Relevance: 3.9, Strings: 3, Instructions: 191COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs$lfs$ rm
                                                                                                                                              • API String ID: 0-3443636889
                                                                                                                                              • Opcode ID: 4e4205bac759e8ab5e42ead00e753e764e5a71b11e25394966d9da5db4ddf024
                                                                                                                                              • Instruction ID: 821c883ebf2e788d3068352258339af2e3f28691e36b4ab6d3eef13ea16bd503
                                                                                                                                              • Opcode Fuzzy Hash: 4e4205bac759e8ab5e42ead00e753e764e5a71b11e25394966d9da5db4ddf024
                                                                                                                                              • Instruction Fuzzy Hash: F2719070F042198FCB14DFA9D4546AEBBF7AF89304F248529E805EB355EB749C82CB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00917298, Relevance: 2.6, Strings: 2, Instructions: 121COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs$lfs
                                                                                                                                              • API String ID: 0-630417725
                                                                                                                                              • Opcode ID: 28d1677e0eb871889b10df3fb71d4df25dade413fbff25b2b2750c45cd063f03
                                                                                                                                              • Instruction ID: 118a44ae8a096b2d769609ec3a9c233a9149d46814fe605f428a6a3eff4658db
                                                                                                                                              • Opcode Fuzzy Hash: 28d1677e0eb871889b10df3fb71d4df25dade413fbff25b2b2750c45cd063f03
                                                                                                                                              • Instruction Fuzzy Hash: D4412274709300DFCB15ABB8E4184AA7FBAEF8625571488B9D905CB395EF398C02C7A1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00917E98, Relevance: 2.6, Strings: 2, Instructions: 88COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs$lfs
                                                                                                                                              • API String ID: 0-630417725
                                                                                                                                              • Opcode ID: cf14a97bcc87383171aa7d2c150f17e228358ea92f7c6387554b6dce61a06c95
                                                                                                                                              • Instruction ID: c326ae096de22df4a6a41878617df2248d711a265a1826115f974e4d754446b1
                                                                                                                                              • Opcode Fuzzy Hash: cf14a97bcc87383171aa7d2c150f17e228358ea92f7c6387554b6dce61a06c95
                                                                                                                                              • Instruction Fuzzy Hash: 6521E4307087548FCB24A7B9A4584AD7FEBDFC52057148C79D90ACB796EF388C4287A1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 009184E8, Relevance: 2.0, Instructions: 1973COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 224bb559bd3a0769e118ead26daf01700698fc5ed8948e7c221d54e19333132f
                                                                                                                                              • Instruction ID: 3eb41a82472b17d135f08188204e7bd8056ca1e1927de5360387dcdf4a793568
                                                                                                                                              • Opcode Fuzzy Hash: 224bb559bd3a0769e118ead26daf01700698fc5ed8948e7c221d54e19333132f
                                                                                                                                              • Instruction Fuzzy Hash: 4B130E34A11204EFCF16AB60D4509E9B777FF9934AB2094AEDC1127B68CB3B8856DF11
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 009184D8, Relevance: 2.0, Instructions: 1972COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c246927c42dbd0c3f8ca5a81844aa1fa9a7f3e600e09fb81d3ee8f865362edec
                                                                                                                                              • Instruction ID: b61406ab9d456220822a48b394ba9737c541fae921d19eb3f29d043e6c259780
                                                                                                                                              • Opcode Fuzzy Hash: c246927c42dbd0c3f8ca5a81844aa1fa9a7f3e600e09fb81d3ee8f865362edec
                                                                                                                                              • Instruction Fuzzy Hash: 11130E34A11204EFCF16AB60D4509E9B777FF9934AB2094AEDC1127B68CB3B8856DF11
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091E388, Relevance: 1.4, Strings: 1, Instructions: 190COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: rm
                                                                                                                                              • API String ID: 0-1024999687
                                                                                                                                              • Opcode ID: 54f25a707d57503bbe8550bf8921cf52e75587bee3e3ed78eca8dcb7e2d529a3
                                                                                                                                              • Instruction ID: b6b94ba8d12c524babc1d5d91bb198dbeddad45749e90572e27c34a96330da9b
                                                                                                                                              • Opcode Fuzzy Hash: 54f25a707d57503bbe8550bf8921cf52e75587bee3e3ed78eca8dcb7e2d529a3
                                                                                                                                              • Instruction Fuzzy Hash: 3F812C34B00609DFDB14DF64D594A9DBBB2FF88355B158968E806AB361DB34EC82CF90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091D720, Relevance: 1.4, Strings: 1, Instructions: 126COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs
                                                                                                                                              • API String ID: 0-1143408625
                                                                                                                                              • Opcode ID: a0145a0fe48905e2944cf5564bbcdc8aca5b56ffe5e5ae5b98ea32d082264d96
                                                                                                                                              • Instruction ID: 352fa274778d2a9be0bbca60a1eed2061beefebac9630982de0bb60835d79021
                                                                                                                                              • Opcode Fuzzy Hash: a0145a0fe48905e2944cf5564bbcdc8aca5b56ffe5e5ae5b98ea32d082264d96
                                                                                                                                              • Instruction Fuzzy Hash: E541CD70B052088FDB14DBA8D4547BEBBBAEF89310F14846AD809DB391EB358C42CB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091A558, Relevance: 1.4, Strings: 1, Instructions: 110COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs
                                                                                                                                              • API String ID: 0-1143408625
                                                                                                                                              • Opcode ID: 324a359ede5bafaf9e269b3d0f28beb5c3f03db3a9ea6cdaa4ba56a245526162
                                                                                                                                              • Instruction ID: e07d9a42bb58dbbc3c372d2aee454b6157c0c1e52f65800e150aa75b2c595229
                                                                                                                                              • Opcode Fuzzy Hash: 324a359ede5bafaf9e269b3d0f28beb5c3f03db3a9ea6cdaa4ba56a245526162
                                                                                                                                              • Instruction Fuzzy Hash: 44410470B042189FDB10EBB5D8147EE7BB6DF81304F108866E401EB395DB789D05CBA2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00917D38, Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs
                                                                                                                                              • API String ID: 0-1143408625
                                                                                                                                              • Opcode ID: 41420b3dd24e1adc2c43d6652fdb1c5ee2a4888da0851a071e478a1e54fb4ddb
                                                                                                                                              • Instruction ID: 2378be9afd3daf721b1b688b2bd9440d4207c91bb85cc616ceda52a94e95724a
                                                                                                                                              • Opcode Fuzzy Hash: 41420b3dd24e1adc2c43d6652fdb1c5ee2a4888da0851a071e478a1e54fb4ddb
                                                                                                                                              • Instruction Fuzzy Hash: BB313E347042098FDB14DFA5D498AAE7BF6EF89711F144468E9029B3A4DF799C81CB50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00915F68, Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs
                                                                                                                                              • API String ID: 0-1143408625
                                                                                                                                              • Opcode ID: f91beb6799df032bb3ba488f4905da41aab9f375432181865e1fbf6fd4fa5ca4
                                                                                                                                              • Instruction ID: 6785057a5387d1c1a55bef73da24e0ad94fef41e0abd8ea19558ef9f2fc9e31b
                                                                                                                                              • Opcode Fuzzy Hash: f91beb6799df032bb3ba488f4905da41aab9f375432181865e1fbf6fd4fa5ca4
                                                                                                                                              • Instruction Fuzzy Hash: 4021D271704114CFCB109BB9E4487AA7FAADF88366F158479E509CB740DF399C828BE1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00910457, Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 8cs
                                                                                                                                              • API String ID: 0-1390769624
                                                                                                                                              • Opcode ID: a0202487538692512273f668e2fcce8f20756e158a4eec1b06d9dd6699cfdc6f
                                                                                                                                              • Instruction ID: 9b169a9cce17ed7029e7761ccb047590ad1cba3e597a141d0a092750d529bb7c
                                                                                                                                              • Opcode Fuzzy Hash: a0202487538692512273f668e2fcce8f20756e158a4eec1b06d9dd6699cfdc6f
                                                                                                                                              • Instruction Fuzzy Hash: 36E0DF30A45348EFDB40EFB8E85018C7BB4DB82300F2089F9D008D7252EA325E008B55
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00910468, Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 8cs
                                                                                                                                              • API String ID: 0-1390769624
                                                                                                                                              • Opcode ID: 9de52ff56595df8df0110a87ebcdc01b2723352e290fe9b743bec0bfbd57f0d3
                                                                                                                                              • Instruction ID: 04f89b8d32da1f275aa70809bc3612c95c5ce1e3ad966f4c44ac434939a9ca73
                                                                                                                                              • Opcode Fuzzy Hash: 9de52ff56595df8df0110a87ebcdc01b2723352e290fe9b743bec0bfbd57f0d3
                                                                                                                                              • Instruction Fuzzy Hash: F6D05E30A0030CFF8B40EFF8E90149DB7B9EB85204B2089B8D408D3310EA352F009B94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091D228, Relevance: .2, Instructions: 153COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0477443fde82f1a3cdefe42fe6f9593a61d3cab580e1e64822a313574fb976d7
                                                                                                                                              • Instruction ID: 7134e608ed74cd9b655da8ff9f4915ad25405c27df4c3ac9b8c0780935f86054
                                                                                                                                              • Opcode Fuzzy Hash: 0477443fde82f1a3cdefe42fe6f9593a61d3cab580e1e64822a313574fb976d7
                                                                                                                                              • Instruction Fuzzy Hash: 3A51D874A11219DFDB14DFA4E894AEDBBB6FF88305F148429F812A73A0DB34AD41CB51
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091E759, Relevance: .1, Instructions: 140COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d6189f22d88645c9635c68a338d94e8be7e0e4dcfa4e714f1b0b0557b09f4310
                                                                                                                                              • Instruction ID: 60748dd113f49321fb0d01c8dd8fb700a22d09faef3126cb626c2f404b73ad2a
                                                                                                                                              • Opcode Fuzzy Hash: d6189f22d88645c9635c68a338d94e8be7e0e4dcfa4e714f1b0b0557b09f4310
                                                                                                                                              • Instruction Fuzzy Hash: E851E338A00209DFDB14DFA5E994E9DBBB6FF88351F158454E905AB260DB34EC82CF50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00912A88, Relevance: .1, Instructions: 130COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 987e74ecc82e6ca50f8f2469ca6a17dba8bc6b633dcda520ac8ac302fc37aeb5
                                                                                                                                              • Instruction ID: d073fcb79fb57dc3d967623b14da700255a1771433da0c8406a1f527f557f153
                                                                                                                                              • Opcode Fuzzy Hash: 987e74ecc82e6ca50f8f2469ca6a17dba8bc6b633dcda520ac8ac302fc37aeb5
                                                                                                                                              • Instruction Fuzzy Hash: 0F41D1307145048FC704BBB9E5480ADBBB2FFC9314B504A69E453AB3A4DF34AD89CB92
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 009150DA, Relevance: .1, Instructions: 123COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b7e90c3a1891ae0da61148a65248613955608bab4108c1b8ff6d630c8deb4420
                                                                                                                                              • Instruction ID: 3d26c3020980fb442d0f951cce47593a3c78d404d3049099434f77c6e7ff21f5
                                                                                                                                              • Opcode Fuzzy Hash: b7e90c3a1891ae0da61148a65248613955608bab4108c1b8ff6d630c8deb4420
                                                                                                                                              • Instruction Fuzzy Hash: 25519D35904205EFCF05EFE5E8549DCBFB2FB48300F108825E641AB269DB3A5956DF60
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 009123D9, Relevance: .1, Instructions: 107COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5dd46e0ac4c69cc7b1511451ca82fb3587cd52a22b162fdfcac86a47e6ab437e
                                                                                                                                              • Instruction ID: f592b3e88a23993c10faae96da863d2fa1c3a3be2bbcf2e256e5b4935cfa165c
                                                                                                                                              • Opcode Fuzzy Hash: 5dd46e0ac4c69cc7b1511451ca82fb3587cd52a22b162fdfcac86a47e6ab437e
                                                                                                                                              • Instruction Fuzzy Hash: EB41A274B041109FD705EFBAA46856E7BE6EBC8204314497DE90AE7344DF389D028BA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 009152F0, Relevance: .1, Instructions: 106COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9f8a74d39e7a8b0fe6d3bde5d3fe5190ee33bb0b2dd60e44ce112ae03b2882e1
                                                                                                                                              • Instruction ID: 61ffa9ef351db3b44e8c7f2669bd4d64affb1d17bbf81cbf06022af7cd5c11cb
                                                                                                                                              • Opcode Fuzzy Hash: 9f8a74d39e7a8b0fe6d3bde5d3fe5190ee33bb0b2dd60e44ce112ae03b2882e1
                                                                                                                                              • Instruction Fuzzy Hash: 0531C5312183859FCB11DF6CD8908DE7BA6EFC12187054E69E1488B666DB70AD4EC791
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 009123E8, Relevance: .1, Instructions: 102COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 45d6864c5a284e2c86d8766d65a0e1a801fa8878d398026f59f10b90dde7ebe4
                                                                                                                                              • Instruction ID: d309b27bde0df52a5040b855c0e70103c1f8774ed0ae99940baf5cb8b67bcbf0
                                                                                                                                              • Opcode Fuzzy Hash: 45d6864c5a284e2c86d8766d65a0e1a801fa8878d398026f59f10b90dde7ebe4
                                                                                                                                              • Instruction Fuzzy Hash: F831B334B042109FD705AFB6A45846E7BE7EBCC211314887DE90AE7344DF389D428BA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00910AE8, Relevance: .1, Instructions: 93COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 808d2d3b6164fc7a2cc87ca7717cf9396e4497031bfc082709f2ff21863003a3
                                                                                                                                              • Instruction ID: fee2493633d2c303ea5834b9c71170c6b91b244667e98ec92a90c240c8ef5901
                                                                                                                                              • Opcode Fuzzy Hash: 808d2d3b6164fc7a2cc87ca7717cf9396e4497031bfc082709f2ff21863003a3
                                                                                                                                              • Instruction Fuzzy Hash: 223104B0B081098FCB04CB68C840AAEBBF5EFC5304B1189A9E146DB2A1DB71ECC1C750
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091B0C0, Relevance: .1, Instructions: 87COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0afa7989978da80190cb6b1aa7f3d28b8240f477bf3b782afb978a50c2541f24
                                                                                                                                              • Instruction ID: 9653ace4ace3f82c2ecc39e96f17d993bc846186640a20fe21b93e58ff5ce219
                                                                                                                                              • Opcode Fuzzy Hash: 0afa7989978da80190cb6b1aa7f3d28b8240f477bf3b782afb978a50c2541f24
                                                                                                                                              • Instruction Fuzzy Hash: 79319C31E107468ACB11EFB9C8006D9B771FF99324F25972AE55977244EB30B9D0CB80
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00917D28, Relevance: .1, Instructions: 86COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 663615c0b3e06a570384d36b236ac8b5a85a5bd93b08ebb6e9e347bdebc3f07b
                                                                                                                                              • Instruction ID: 45209b891acee910efe4e0a86f67bfaf9600796229bbdcc311a32205cea975cf
                                                                                                                                              • Opcode Fuzzy Hash: 663615c0b3e06a570384d36b236ac8b5a85a5bd93b08ebb6e9e347bdebc3f07b
                                                                                                                                              • Instruction Fuzzy Hash: 6E312F347042498FD714DF95D498BAABBF6EF88710F1440A8E506AB3A5CF759D81CB50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091B0D0, Relevance: .1, Instructions: 85COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: faf735e6871bde82aa1e4bd02c43dcb77ed54dd18bd36be96721bc7c80a1aff1
                                                                                                                                              • Instruction ID: 653a3560c93de1ee69c105e165c24bbf8851489f593169f3d0e7d57bc549a862
                                                                                                                                              • Opcode Fuzzy Hash: faf735e6871bde82aa1e4bd02c43dcb77ed54dd18bd36be96721bc7c80a1aff1
                                                                                                                                              • Instruction Fuzzy Hash: 59316D31E1074A9ACB10AFB9C8006D9B7B1FF99314F259729E55977244EB70B9D0CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00915110, Relevance: .1, Instructions: 83COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9f4fba6cf7e72a08372a529090a95aa5ea21b1388e407de10c56976b50644081
                                                                                                                                              • Instruction ID: 0a26d7fd4528dae8bab227483a53a8498a075055afb3ef3bfeca963a0c658cf5
                                                                                                                                              • Opcode Fuzzy Hash: 9f4fba6cf7e72a08372a529090a95aa5ea21b1388e407de10c56976b50644081
                                                                                                                                              • Instruction Fuzzy Hash: E1310E35904205EFCF05EFE6E9588ADBFB2FB48344F009825E601A7268DB366D55DF60
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 009183A8, Relevance: .1, Instructions: 81COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: cf890f9f367895e993db932aeea2bbeb68da9db7224749e12d63497c99d7a4e0
                                                                                                                                              • Instruction ID: 9cfb8ef1bfb3baf1d6dc4d91f2003cab17cdc3fec6fe9504ec32a9027768cf9e
                                                                                                                                              • Opcode Fuzzy Hash: cf890f9f367895e993db932aeea2bbeb68da9db7224749e12d63497c99d7a4e0
                                                                                                                                              • Instruction Fuzzy Hash: FC31C731E00746CBDB11AF79D8141EEB7B1EF95304B10862AD455A7285EF38AD82CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 009183B8, Relevance: .1, Instructions: 80COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 40a75a615047f194780cb2264cad4f58feb6b7d6637cca8424746d36d85674dc
                                                                                                                                              • Instruction ID: 9c5d8ee94eda531fb293d60433ea1c540be3e3e6c914e08c650e200139264cef
                                                                                                                                              • Opcode Fuzzy Hash: 40a75a615047f194780cb2264cad4f58feb6b7d6637cca8424746d36d85674dc
                                                                                                                                              • Instruction Fuzzy Hash: 8631A230F0061ACBDB11AFB9D4141EEB3B5EF85305B10852AE556A7345EF38AD82CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091F110, Relevance: .1, Instructions: 78COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 26f936f635a03792cd693ecb1c76137c9b274b7817625d7aee057f7fd7913c5d
                                                                                                                                              • Instruction ID: ba774bf0abd62418e73892a31d6ddb6c3cbc2c61ea15878f890b07169ca022d8
                                                                                                                                              • Opcode Fuzzy Hash: 26f936f635a03792cd693ecb1c76137c9b274b7817625d7aee057f7fd7913c5d
                                                                                                                                              • Instruction Fuzzy Hash: 57217A74B0420EDFEB14DF64C995AAA7BB5FF88310F148469E9018B361DB30ED82CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091B478, Relevance: .1, Instructions: 74COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e037dc1a66da4c5210108723f1a1fa6db96ae8209f668505f64d84c9ad5d3b40
                                                                                                                                              • Instruction ID: f6cf17ad961891586b22a964864f313a81cae34d881ed7b3597bbcc1914fbf68
                                                                                                                                              • Opcode Fuzzy Hash: e037dc1a66da4c5210108723f1a1fa6db96ae8209f668505f64d84c9ad5d3b40
                                                                                                                                              • Instruction Fuzzy Hash: FE215C313082948BD7291B36E52A3B93EABDB51746B14447DF4878B682EB3DCC829B51
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00910AD8, Relevance: .1, Instructions: 73COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 12bec635996ba04caabb2ee8f77a84d6a3e054b13accb8d78d7b0f16d094b3aa
                                                                                                                                              • Instruction ID: e432b8c6a88c358c47c725bdb4574b1e1e2438c30b0985a090f903bfe16e8df0
                                                                                                                                              • Opcode Fuzzy Hash: 12bec635996ba04caabb2ee8f77a84d6a3e054b13accb8d78d7b0f16d094b3aa
                                                                                                                                              • Instruction Fuzzy Hash: 9C21C470B082198FCB14CB69D944ABEBBF5EFC4308F11446AE1099B291DB75ECC0C795
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091B473, Relevance: .1, Instructions: 67COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e4b46f80ca3b38d1f43089f60b2403d6e4f17e83d68751ab51b4effaba9d1233
                                                                                                                                              • Instruction ID: 439ea6f75f497b7bfd13bf3555bea39daff3bd9e5b8f348f416090432f74580d
                                                                                                                                              • Opcode Fuzzy Hash: e4b46f80ca3b38d1f43089f60b2403d6e4f17e83d68751ab51b4effaba9d1233
                                                                                                                                              • Instruction Fuzzy Hash: 0B217C71308294CBD7291B32F55A2B93FAADB21706704447DF4868B682EB3C8C82DB51
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00914057, Relevance: .1, Instructions: 66COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d2aa24b68a64f535b0108e345f8ede41c374c83fcf06ed7c154aadcc1a2a24ff
                                                                                                                                              • Instruction ID: 8d2dfd02ec7c5402c6972992ce4c33a9aa8a04b95af5749bd7e1ff22cf3ae7ee
                                                                                                                                              • Opcode Fuzzy Hash: d2aa24b68a64f535b0108e345f8ede41c374c83fcf06ed7c154aadcc1a2a24ff
                                                                                                                                              • Instruction Fuzzy Hash: B321F3316097408FD721DF6AE45829ABFF1FF89304B00893AE58A8B751DB75AC06CF95
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091B940, Relevance: .1, Instructions: 60COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f1bae459cfc577b30c59c478b55d4248dc6a25d10c25a37607fd6b80f3be15e7
                                                                                                                                              • Instruction ID: 16fb0e408f2d4671d9e7562b2e12b33ad17ba7d2364629ed4418135de088ae1f
                                                                                                                                              • Opcode Fuzzy Hash: f1bae459cfc577b30c59c478b55d4248dc6a25d10c25a37607fd6b80f3be15e7
                                                                                                                                              • Instruction Fuzzy Hash: 261163307107169BCB10EFACD85059EB7B6FFC42487104D29E1055B654EF74BD4A87E5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091CD03, Relevance: .1, Instructions: 58COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ab3f8f5180b1865f737355ae4c7017eb5e90d5b77d55ed5934d9e014ddf502cf
                                                                                                                                              • Instruction ID: 683a165ab432eb6eeda70ea2b149894e2d2148a8b33247055015fdf559d0d9ab
                                                                                                                                              • Opcode Fuzzy Hash: ab3f8f5180b1865f737355ae4c7017eb5e90d5b77d55ed5934d9e014ddf502cf
                                                                                                                                              • Instruction Fuzzy Hash: C01102343003409FD7209BB4A85832A7BA7FBC931AB104C3DE1478B782DEB9AC478750
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00915320, Relevance: .1, Instructions: 55COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: abd44edfac40e6109e3c93bae201fc2407ac2d490fc16941c1f25990b65353a3
                                                                                                                                              • Instruction ID: cad0f7dab9e270f5c1e2dd822bc973ae7e59b9777bea18e0bf03a4c7c1f77619
                                                                                                                                              • Opcode Fuzzy Hash: abd44edfac40e6109e3c93bae201fc2407ac2d490fc16941c1f25990b65353a3
                                                                                                                                              • Instruction Fuzzy Hash: 811116312146498BCB20DFADD4908DF77AAEFC42187108E28E5594B664DBB1FD8E87D0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091CD10, Relevance: .1, Instructions: 51COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e8410141b30b9d5ab6f111b0c94f708c67b6cc5d676d8633a9d900eb1d0add22
                                                                                                                                              • Instruction ID: 63c483192ad665ba1da1e3f5cb1e2b786b0aa0e6ee50e3732c4326dbe1c6bf4f
                                                                                                                                              • Opcode Fuzzy Hash: e8410141b30b9d5ab6f111b0c94f708c67b6cc5d676d8633a9d900eb1d0add22
                                                                                                                                              • Instruction Fuzzy Hash: C20161343003149FD7249BB9A85872A7BABEBC931AF144C3DE5478B741DFB9AC468750
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00913F4A, Relevance: .1, Instructions: 51COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 88002e5b46007f0ef30530b46762e19917f5bf7466de8a557e0c1fdd68e21d56
                                                                                                                                              • Instruction ID: d2b2f73150b1c69a414e383ff3f0c0919131bbbe112494f32e0ee7cb7f04834e
                                                                                                                                              • Opcode Fuzzy Hash: 88002e5b46007f0ef30530b46762e19917f5bf7466de8a557e0c1fdd68e21d56
                                                                                                                                              • Instruction Fuzzy Hash: 1001AD303042418FEB16E77AA56817D7BA7EFC02187044D3CE20A9F665DE38BD478795
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091F338, Relevance: .0, Instructions: 49COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7eb5e57d378778a6d6e82263e02525aa5ec8e89ca947cde03785fe44bdf206c6
                                                                                                                                              • Instruction ID: 5b469b6e1146f429003ab65e1025ad61abf2920eae38241c4a61b80e9df3422d
                                                                                                                                              • Opcode Fuzzy Hash: 7eb5e57d378778a6d6e82263e02525aa5ec8e89ca947cde03785fe44bdf206c6
                                                                                                                                              • Instruction Fuzzy Hash: 5E118C75B002188FCB14DF68C9A8DA9BBB9FF5971471640AAE805DB372C730EC41CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091C480, Relevance: .0, Instructions: 48COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 26b07f6ef793b901eb69c8c679021441f87230d4c50c375ff616e1e9ca0b8ab1
                                                                                                                                              • Instruction ID: 231ec20853eb02128a0bc58f397d00fd3a24b95e5d62395daf39f735f015f221
                                                                                                                                              • Opcode Fuzzy Hash: 26b07f6ef793b901eb69c8c679021441f87230d4c50c375ff616e1e9ca0b8ab1
                                                                                                                                              • Instruction Fuzzy Hash: DE01B1353046048FC714CF29D495CE9BBB5FF85204711C8A9E5058B672DBB0ED46CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00913F58, Relevance: .0, Instructions: 46COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9f6bb2311efe1454781f1cfe3ab40e4bb3fdb452dcfd18f2d64942cfbe7db340
                                                                                                                                              • Instruction ID: 9bebaee61753fac5b76a099c05d2c31aa3a34f0ed5344e4ed4e83a8d5575016a
                                                                                                                                              • Opcode Fuzzy Hash: 9f6bb2311efe1454781f1cfe3ab40e4bb3fdb452dcfd18f2d64942cfbe7db340
                                                                                                                                              • Instruction Fuzzy Hash: C201BC303042418FAA16E77AE16807E7BE7EFC42183484D3CE20A9F714DE38BD4687A5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091B92F, Relevance: .0, Instructions: 43COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5dbddee7d7db91c84d549d002d6e1ff4be26363b63b11a250e0f1255a2255c42
                                                                                                                                              • Instruction ID: 8e8cada59a96ad1df5a976507c022bfe0a7ab104002b9c4661f924f65885cf15
                                                                                                                                              • Opcode Fuzzy Hash: 5dbddee7d7db91c84d549d002d6e1ff4be26363b63b11a250e0f1255a2255c42
                                                                                                                                              • Instruction Fuzzy Hash: CA012630B006169FCB10EF68E8906DEB7F6FFC0208B100D28D11587204EB34B91B87D5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091C490, Relevance: .0, Instructions: 38COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7b1d1ed40b7efd639a8d153ebd24e8b8578aa9a337920c5f167b6f8012f33060
                                                                                                                                              • Instruction ID: 3f7148453fbf636c720d2ebe989f4452fe4876b8f2bace6e0e67ca19b4b3bb8e
                                                                                                                                              • Opcode Fuzzy Hash: 7b1d1ed40b7efd639a8d153ebd24e8b8578aa9a337920c5f167b6f8012f33060
                                                                                                                                              • Instruction Fuzzy Hash: 440146343046058FCB54DB69D454DAABBAAFF842147518869E5058B761EBB0ED41CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091C4F4, Relevance: .0, Instructions: 36COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3559f8c52d76ef53f00b7d8dbd6574b3cc1b39b636d38e0e7225201979e304db
                                                                                                                                              • Instruction ID: 6b5869d06f5fe496589eeba3fc3bfe7e390bef616e24262062fbebcd58456ac1
                                                                                                                                              • Opcode Fuzzy Hash: 3559f8c52d76ef53f00b7d8dbd6574b3cc1b39b636d38e0e7225201979e304db
                                                                                                                                              • Instruction Fuzzy Hash: 04F022B13082448FE700CB69D4A49F97BA1FFA5341744C49AE5418F2B1E738E882C750
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00917E81, Relevance: .0, Instructions: 36COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 575d95ef304e6298cb3fd41472aabedda7bb56112f04672a65a9e4bdc33a603a
                                                                                                                                              • Instruction ID: 8302a226b721637c8a21d94c42668b7569cf7b5bab8b448df91f1ce23a36686e
                                                                                                                                              • Opcode Fuzzy Hash: 575d95ef304e6298cb3fd41472aabedda7bb56112f04672a65a9e4bdc33a603a
                                                                                                                                              • Instruction Fuzzy Hash: 56F0A03130E3D95FC71652B668A00A8BFBADDC652430A48FBD954CB593EF688C4783A1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00913239, Relevance: .0, Instructions: 35COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2800b6f20bec221178e9a745e4983fcff6bc7debec11c604e0c9a677e231ffeb
                                                                                                                                              • Instruction ID: 57f7302d4b37e4be8a65cd5b69edc48c1c7dbb3e306191a84e8d625a4f7cf7df
                                                                                                                                              • Opcode Fuzzy Hash: 2800b6f20bec221178e9a745e4983fcff6bc7debec11c604e0c9a677e231ffeb
                                                                                                                                              • Instruction Fuzzy Hash: CB018F34904148DFCB40FFB8E55869C7FB1FB84204B100868D505AB218DB345E45CB55
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091B800, Relevance: .0, Instructions: 34COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0f4e0e504e2ce4dff8744b150e598d9c00fc9860dede7559a61736b7d903a883
                                                                                                                                              • Instruction ID: fedc7d9a2f10d21fe36f0fafd34105b5a3b80663a51c15702aa5e26d428ac73d
                                                                                                                                              • Opcode Fuzzy Hash: 0f4e0e504e2ce4dff8744b150e598d9c00fc9860dede7559a61736b7d903a883
                                                                                                                                              • Instruction Fuzzy Hash: 2E013C31A002198FCB50DFA9D8445DEFFF5FF88715B04892AE44AE7240E7385A5ACB94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091BA01, Relevance: .0, Instructions: 34COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 87cd849619b4e7ee57ac5cb8b870d648ba4d6ce52a54ded2fc65f77c82242551
                                                                                                                                              • Instruction ID: 19cbe64868ed4c15236c76662084097a9cd7d4980c610b135169bb2e7b39c9f4
                                                                                                                                              • Opcode Fuzzy Hash: 87cd849619b4e7ee57ac5cb8b870d648ba4d6ce52a54ded2fc65f77c82242551
                                                                                                                                              • Instruction Fuzzy Hash: 65F059337085518FC3119F28D840899BBBAFF81720309819AE048C7772C720ED43C781
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 009130C7, Relevance: .0, Instructions: 33COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8447cd5bffed7eb05d91e098bf5020dc38a20e788919bf463b853ebe1f1a1f4d
                                                                                                                                              • Instruction ID: ffd59e82ce731d94abbe9cb6354980638fa4d8dea47ea43bf081a567e8dfd3d8
                                                                                                                                              • Opcode Fuzzy Hash: 8447cd5bffed7eb05d91e098bf5020dc38a20e788919bf463b853ebe1f1a1f4d
                                                                                                                                              • Instruction Fuzzy Hash: 75F0E2312082809FD3116BABA85869EBFA5EFC6314B05083DE00DDB253CA699C058366
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00913140, Relevance: .0, Instructions: 33COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b29d37a710cfc2c31bc119df14179cbdd3d59c6a1eed2e12fa406e844334a697
                                                                                                                                              • Instruction ID: 306f9fc86a1647962430d0d56b364bdcdd5ec370dc46864d6344ea4e3ae883a6
                                                                                                                                              • Opcode Fuzzy Hash: b29d37a710cfc2c31bc119df14179cbdd3d59c6a1eed2e12fa406e844334a697
                                                                                                                                              • Instruction Fuzzy Hash: A4F0903035C3199BF7209BAAD4057A276E4EB84309F10CC39D41ACA685DBBCE9C59B91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00913248, Relevance: .0, Instructions: 32COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 22f69e0f1fcf0efc42c01ccbd297fcd1afe7a4b2a362e4485c1277859067d465
                                                                                                                                              • Instruction ID: fe475f653d91633cc4239f73cd957836e0e889813e356e246f63097db5622bcb
                                                                                                                                              • Opcode Fuzzy Hash: 22f69e0f1fcf0efc42c01ccbd297fcd1afe7a4b2a362e4485c1277859067d465
                                                                                                                                              • Instruction Fuzzy Hash: 95F03C34908289EFCB40FFB9E56959C7FB1FB85205B1048B9D409AB358EB346F448B56
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091D430, Relevance: .0, Instructions: 32COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1ad4920e3a8836eab43bde0a1988c0c9ea37938d919de647542f50aa47ca17fa
                                                                                                                                              • Instruction ID: cf8d4201839fbe62d05269ea947922f9c9c9002cccfce19caf285d6131ce8516
                                                                                                                                              • Opcode Fuzzy Hash: 1ad4920e3a8836eab43bde0a1988c0c9ea37938d919de647542f50aa47ca17fa
                                                                                                                                              • Instruction Fuzzy Hash: 83F09A31A012088BEF10DB98D4001CDBBF6EF85385F20052AE809AB354E770AE66CB81
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091D70F, Relevance: .0, Instructions: 32COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ce565e471b34d4007ced29a6317180345dfeef50ab09def5547d74d001d224c2
                                                                                                                                              • Instruction ID: 17e313aad3f280bd84109c76bb8e65a2148bfe636621413c07df5430ced74241
                                                                                                                                              • Opcode Fuzzy Hash: ce565e471b34d4007ced29a6317180345dfeef50ab09def5547d74d001d224c2
                                                                                                                                              • Instruction Fuzzy Hash: 8EF0BEB2B062048FD7149A25D8947ABFBA5EFC4321F04857EE50A87290EB749844CB80
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00913868, Relevance: .0, Instructions: 32COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d5f981e9df21ea8427e4d569dbb124fe35b839db03f53f4bc0f2a5f9e1b4f1cb
                                                                                                                                              • Instruction ID: ada66ee57019ad861532c600e6931db45bc227c7bd861d4cff207984ae95298c
                                                                                                                                              • Opcode Fuzzy Hash: d5f981e9df21ea8427e4d569dbb124fe35b839db03f53f4bc0f2a5f9e1b4f1cb
                                                                                                                                              • Instruction Fuzzy Hash: 57F0A7717082285BDB05D7A9A4147E97FEDD785325F1880AAE008C3280DA75DE41C794
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00910A30, Relevance: .0, Instructions: 31COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 86a68cbebeffde0ad555a5c1734cc80710c83c796c00c51555ad70597ca41b26
                                                                                                                                              • Instruction ID: 1bad90ed092814bdf656d40bb7ee69be34183fb9593f0e6548f28a5fd436f8a9
                                                                                                                                              • Opcode Fuzzy Hash: 86a68cbebeffde0ad555a5c1734cc80710c83c796c00c51555ad70597ca41b26
                                                                                                                                              • Instruction Fuzzy Hash: 2EF03030E00219CF8B44DFB899081AE77F5BF88251B508465D919E3344EB355E40CBD1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091D3FD, Relevance: .0, Instructions: 31COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 54186da3057d6110b68d6209a5cd268b6b40fcded5652c8df8c3fa581649f876
                                                                                                                                              • Instruction ID: 7114ed00d619506a03f6b9811722f7ff761fcc596e7ee375262dfa2412256015
                                                                                                                                              • Opcode Fuzzy Hash: 54186da3057d6110b68d6209a5cd268b6b40fcded5652c8df8c3fa581649f876
                                                                                                                                              • Instruction Fuzzy Hash: 7E01AF75A16219ABDF00DB90E954FEEBBB2BF49304F244015E902BB2A0D775A981DB60
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091B810, Relevance: .0, Instructions: 31COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: eb35d0eecd913fa092117c6d4f856b133ea8f86af3d52fcd7ed0b6bc6078499d
                                                                                                                                              • Instruction ID: 81ea656285fbc83ad0adc497946e0f436d2710558cb7796e3c970d3dad764338
                                                                                                                                              • Opcode Fuzzy Hash: eb35d0eecd913fa092117c6d4f856b133ea8f86af3d52fcd7ed0b6bc6078499d
                                                                                                                                              • Instruction Fuzzy Hash: D3F01D71A002199FCB50DFA9D8445DEBBF5FF98711F00492AE44AE3300E7746A45CBD4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00913859, Relevance: .0, Instructions: 31COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 98aaf488d19e4167d225176b6529a6148fb9f89ecb63250cd58541f8bcfcd35b
                                                                                                                                              • Instruction ID: b30968eab2cbaf973fb400cb35b5572ccf321842d668d71ee428c9b5fc4045b2
                                                                                                                                              • Opcode Fuzzy Hash: 98aaf488d19e4167d225176b6529a6148fb9f89ecb63250cd58541f8bcfcd35b
                                                                                                                                              • Instruction Fuzzy Hash: 0AF0E271A082585FE701D768E850BE57FF8DB4A324F1880EAE008C7282DA61DA42C740
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091B7A0, Relevance: .0, Instructions: 30COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 94a7fd611accc9424a37093161de4dd8279c303e0e747b90c8853667e0ce9c66
                                                                                                                                              • Instruction ID: 609c361af8a0170ba375f6d4cfafd8052124617bee340d844751338a8be1bcde
                                                                                                                                              • Opcode Fuzzy Hash: 94a7fd611accc9424a37093161de4dd8279c303e0e747b90c8853667e0ce9c66
                                                                                                                                              • Instruction Fuzzy Hash: D0E02B353082505BD31467AABC588AB7F6ACBC632931044BEF609C7346DE794C06C3B1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00917FA4, Relevance: .0, Instructions: 30COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f4213e166995c30de2fe329caca389825cba8e388a562d57376ece3c6bed6ca9
                                                                                                                                              • Instruction ID: ea45b11f5cae18b33f0d020087db11cadd55cee41ca0cf23ac80b9765699ed8b
                                                                                                                                              • Opcode Fuzzy Hash: f4213e166995c30de2fe329caca389825cba8e388a562d57376ece3c6bed6ca9
                                                                                                                                              • Instruction Fuzzy Hash: C4F0273050CBE08FC720EBFDE8550AE7FE2DD85201344CC6DD18A8B965EB78A94A8361
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 009130D8, Relevance: .0, Instructions: 28COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: bea92405fde58e73bfe04887408c80652371ed6b8ed14772480d487897717cda
                                                                                                                                              • Instruction ID: 85830648c10ef98535928cbf5583e8e4a44a92ee56462176573bfeab6b3ef70f
                                                                                                                                              • Opcode Fuzzy Hash: bea92405fde58e73bfe04887408c80652371ed6b8ed14772480d487897717cda
                                                                                                                                              • Instruction Fuzzy Hash: 49E092312042109BD7202BABB848AAF7FDAEBC9355B01483CF10ED7251CE69AC4543B5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091BA10, Relevance: .0, Instructions: 28COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ec7dee341963e9880f724c439534e84fbb2723a994263d346aed9646af7604c7
                                                                                                                                              • Instruction ID: 1c4c813e6e74830a2260c12a8ce564faa401784182bffdba92e26ed1bd2aa676
                                                                                                                                              • Opcode Fuzzy Hash: ec7dee341963e9880f724c439534e84fbb2723a994263d346aed9646af7604c7
                                                                                                                                              • Instruction Fuzzy Hash: F4F0E5323015265FC3049F68D444C9DBBBDEF85B203098159E44987321CB20ED81C7D0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00913FF8, Relevance: .0, Instructions: 28COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 135f0ffb2f0978cf1ba15e6b4b965639e7b5a8a9ba5bf1a1c5e36f348be29baf
                                                                                                                                              • Instruction ID: 734a050f208636a5e0fe9a0c7521c3bb36cab752c7eefd9df7db9cc063db01c4
                                                                                                                                              • Opcode Fuzzy Hash: 135f0ffb2f0978cf1ba15e6b4b965639e7b5a8a9ba5bf1a1c5e36f348be29baf
                                                                                                                                              • Instruction Fuzzy Hash: 12F0B4342083908FC721E739E01466D3FB6DB86304B040C79E18ACB621CA65AC058791
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00915F58, Relevance: .0, Instructions: 28COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ce271e62f6ed8735ddc83a80584737276a9b55bb555cfcdbdbccc53a78d9d421
                                                                                                                                              • Instruction ID: a6da1f1368105b8a518ad960215910d53056a3d34bf406264dd7d17680a9a134
                                                                                                                                              • Opcode Fuzzy Hash: ce271e62f6ed8735ddc83a80584737276a9b55bb555cfcdbdbccc53a78d9d421
                                                                                                                                              • Instruction Fuzzy Hash: C4E02B7230D7845FD7219A25D800AE67FA9CBE1320B06847ED159CB611D628DD41E791
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00914068, Relevance: .0, Instructions: 27COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 24642d20bbf1ba2925af556a16c1767324600d615b66acf32ddfdd0afc92e8df
                                                                                                                                              • Instruction ID: 938c4b10e86e2b6b5591c3ac4e22345719ffca6939187fdb208ce6c2b0e08f63
                                                                                                                                              • Opcode Fuzzy Hash: 24642d20bbf1ba2925af556a16c1767324600d615b66acf32ddfdd0afc92e8df
                                                                                                                                              • Instruction Fuzzy Hash: A3F01770505B01CFDB24DF66E458556BFF6FB88305B008A2EE88A86A55DB74A846CF84
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091B7B0, Relevance: .0, Instructions: 26COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2c7c38153c5337ece05069ed96924b4bd3cbe19d1190d90854cda5a4b80db896
                                                                                                                                              • Instruction ID: 0af5f3a7f70a94d1c73110805ab87c07ab1cb1b1ba70b6a5a7e9630ab212a37b
                                                                                                                                              • Opcode Fuzzy Hash: 2c7c38153c5337ece05069ed96924b4bd3cbe19d1190d90854cda5a4b80db896
                                                                                                                                              • Instruction Fuzzy Hash: C1E0263530422467971436EBFC188AFBA9ED7C9376310087EFA0983305DEB95C0582B0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00914008, Relevance: .0, Instructions: 25COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7dedf9e6eaa434ba9df52241266756b993d09fe79a1c6fe84385026f22ac6cbd
                                                                                                                                              • Instruction ID: 8840c69794e5c1ac3a636dd8c2b4ddfced2181ebad791323772c02c7cef999c6
                                                                                                                                              • Opcode Fuzzy Hash: 7dedf9e6eaa434ba9df52241266756b993d09fe79a1c6fe84385026f22ac6cbd
                                                                                                                                              • Instruction Fuzzy Hash: 2AE065302087A48BD721A76EE41865E7FEAEBC5319F000C3DE28A8B711CBB5AC4587D5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091A548, Relevance: .0, Instructions: 22COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: dec70777427d49d197de400ed05d931949c97ba06c3ff171fc23e99847afb7eb
                                                                                                                                              • Instruction ID: ffd47152adaaa302bd711b8598524bd26cfce7cfcdd24e13dc0706829ca679f5
                                                                                                                                              • Opcode Fuzzy Hash: dec70777427d49d197de400ed05d931949c97ba06c3ff171fc23e99847afb7eb
                                                                                                                                              • Instruction Fuzzy Hash: 12E0EC357010149FC714EF68E988B8A3BE8EF05655B4000A5F509DB221DB31DD26CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091A720, Relevance: .0, Instructions: 21COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ea6f3bee0cef96952c51b79664f97ce6a298d169f069673187583bfaaa5c94ea
                                                                                                                                              • Instruction ID: b1d8c7bcf560b706ccd70ef5b94965db059bbf7c2ab23e068440bfcd4980b6f8
                                                                                                                                              • Opcode Fuzzy Hash: ea6f3bee0cef96952c51b79664f97ce6a298d169f069673187583bfaaa5c94ea
                                                                                                                                              • Instruction Fuzzy Hash: E3D02E72600218ABD700DF98A4907CE3BFDDF44128F0041AAE108D7340EE309D098BC9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00913090, Relevance: .0, Instructions: 20COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c318c6e5f924c2843161f1f85f45a21ce2366bc3b28347b3921f3c1348a4e144
                                                                                                                                              • Instruction ID: 9ddbc648e183e651b0be809656af27a40bddcf0771fd134243817d32a7bba3fa
                                                                                                                                              • Opcode Fuzzy Hash: c318c6e5f924c2843161f1f85f45a21ce2366bc3b28347b3921f3c1348a4e144
                                                                                                                                              • Instruction Fuzzy Hash: BED05B713041245BCA153B6AB4184BD3FDBDEC5655304043DF607CB340CF6A6D0287D9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091D858, Relevance: .0, Instructions: 19COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 75f426d599b95e0de750367dd9c6bffef550e062d03b03c7baf80f81ea4bad20
                                                                                                                                              • Instruction ID: 54dd4dd7e08d35ee61720c19d422e42025c4c82fd10ed3ab2e43cd039646fc73
                                                                                                                                              • Opcode Fuzzy Hash: 75f426d599b95e0de750367dd9c6bffef550e062d03b03c7baf80f81ea4bad20
                                                                                                                                              • Instruction Fuzzy Hash: 91E092B4D0520D9F8B84DFA9D8416BEFFF4AB58300F20856AD958E2240E7745A91CFD5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00916160, Relevance: .0, Instructions: 18COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 69648ea6374228e2ceaab1e4c0ab63a4949a8957e2647cc1a43e9171d9281cbe
                                                                                                                                              • Instruction ID: 78927b278c94a5a5c00599b8249bdf083ae8d1dd50d3984187f49350d5f45933
                                                                                                                                              • Opcode Fuzzy Hash: 69648ea6374228e2ceaab1e4c0ab63a4949a8957e2647cc1a43e9171d9281cbe
                                                                                                                                              • Instruction Fuzzy Hash: 7CE0DF747182D1AFDB02A624E4186E83BE1E702264F1124AED1018B3A9CB385C868B55
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 009172E0, Relevance: .0, Instructions: 18COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5920ae177932a3884e5f52b89e06e3a00fc51de6517bbbe43b5773ac5d4625fc
                                                                                                                                              • Instruction ID: e7edc03bf6fa4aa75b7f6fecdea9167c3d4ee383a9fa193da4416d607fb5d617
                                                                                                                                              • Opcode Fuzzy Hash: 5920ae177932a3884e5f52b89e06e3a00fc51de6517bbbe43b5773ac5d4625fc
                                                                                                                                              • Instruction Fuzzy Hash: 09D0A72974D3568FC71A676964640EABFABCB8662130C84BAD846CB251ED684C025381
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091B75B, Relevance: .0, Instructions: 18COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: cb126362bbe9e97e633a182d970b4ff7f3aa720e2034fe300f252c1f55ee1dfc
                                                                                                                                              • Instruction ID: a2cb18fd3691b0d7b61a799a63f576ce5c8d2b0355ad7ce10038650d2073ad23
                                                                                                                                              • Opcode Fuzzy Hash: cb126362bbe9e97e633a182d970b4ff7f3aa720e2034fe300f252c1f55ee1dfc
                                                                                                                                              • Instruction Fuzzy Hash: 4FE08674A083884FD715DA3BD560696BFE2EBC6348F1950ADC0458726FCA249943C710
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00915E40, Relevance: .0, Instructions: 18COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 73712687ab1c85053f864aa9f21d06e2880a5e88ee1a18102c3c85ee14da2b06
                                                                                                                                              • Instruction ID: c1691a12467e526261fe9298db589cc8804af91b55987e1025372708ac55cc21
                                                                                                                                              • Opcode Fuzzy Hash: 73712687ab1c85053f864aa9f21d06e2880a5e88ee1a18102c3c85ee14da2b06
                                                                                                                                              • Instruction Fuzzy Hash: 20D05B7274801197E305EB9EF4547AD3393DBC8366F144078D1498B789C979A8819F54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091A730, Relevance: .0, Instructions: 16COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0568cf50a77cc303dbf3d8423aec45def5bce407b6ac246e1a4c304125b2b0bf
                                                                                                                                              • Instruction ID: b809845413ef27b81f5ea88dfe783dc1db4868d34caee0c4c5f68483da5d32cd
                                                                                                                                              • Opcode Fuzzy Hash: 0568cf50a77cc303dbf3d8423aec45def5bce407b6ac246e1a4c304125b2b0bf
                                                                                                                                              • Instruction Fuzzy Hash: 73D02233A0032C6B0B04DAE868006DF7FADCA84034B0040AAD009E7300EE706D0442D6
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00915E7F, Relevance: .0, Instructions: 10COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 441430007ab36b4cfb86f033a9f6287f789e04dcbc1723ebafb1905141790209
                                                                                                                                              • Instruction ID: fd2b3e39f6845211b68f2c9dc959391802cc90ceeae4ddd5680c629b3bcc55c1
                                                                                                                                              • Opcode Fuzzy Hash: 441430007ab36b4cfb86f033a9f6287f789e04dcbc1723ebafb1905141790209
                                                                                                                                              • Instruction Fuzzy Hash: 50C012BA1252098BCB426F81B40969C3B28AB8030AB414864D2280A52A97A608878748
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00910440, Relevance: .0, Instructions: 9COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 77e61a420ef20c7998e58a2b75e24c5e874d945f8316715a6766e9cffafa04ad
                                                                                                                                              • Instruction ID: 32bbf445f6767a37387e1a45438bf8b41dc9a4d71aa9154115a82dc78a7258f8
                                                                                                                                              • Opcode Fuzzy Hash: 77e61a420ef20c7998e58a2b75e24c5e874d945f8316715a6766e9cffafa04ad
                                                                                                                                              • Instruction Fuzzy Hash: 27C0481209FBC99EC70382381C3D2686F612E130443AA90EB84C08A1AB9A09081B9337
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00915E90, Relevance: .0, Instructions: 7COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3450c264be3f5732b8afd2ea2cdfe4a66135d773d787e509516fcda935f34560
                                                                                                                                              • Instruction ID: a7f01867744a0625ed4a849a28380d5198ed01cc6971a4ed4b70b79d2c4d6564
                                                                                                                                              • Opcode Fuzzy Hash: 3450c264be3f5732b8afd2ea2cdfe4a66135d773d787e509516fcda935f34560
                                                                                                                                              • Instruction Fuzzy Hash: 03B0123100830E8B8B407FDAF40584C3F1CD6C06483400C21E20C0A5399AE828C5879C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091FF87, Relevance: .0, Instructions: 7COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d193bf2e7f042f924d93c86f2c87a8c9c54d24f8686a895a85325d77239ad29d
                                                                                                                                              • Instruction ID: 33ee30348361ef001c4a4b7c9e4ef5b8a53a847fab6929afbbc68695ac87d298
                                                                                                                                              • Opcode Fuzzy Hash: d193bf2e7f042f924d93c86f2c87a8c9c54d24f8686a895a85325d77239ad29d
                                                                                                                                              • Instruction Fuzzy Hash: 9DB0123005C60D4F8B407FE4F05428C3F38F7801083000C12D11C0B11DAEA409C647C4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091FF88, Relevance: .0, Instructions: 7COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 27dc9ec0465dc9ac055f47f3fbacf89dea33be303ccbaa4b2243ad4cb2396e8e
                                                                                                                                              • Instruction ID: dd5a66488c167335ea19738824b1603c49b23bf9ad459adf3faaad85b1446b7a
                                                                                                                                              • Opcode Fuzzy Hash: 27dc9ec0465dc9ac055f47f3fbacf89dea33be303ccbaa4b2243ad4cb2396e8e
                                                                                                                                              • Instruction Fuzzy Hash: DDB0123005C70D4F8A407BE9F41464C3B2CF6801083400C12D10C0711D6EA428C447C8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091A700, Relevance: .0, Instructions: 6COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d431e462c94653187d373e710eaa9ae37b4a5fcefa236a6fd1c35e053a71be57
                                                                                                                                              • Instruction ID: 8458055c2ecaead5c257a70ff9bf3e41a18e4b7ac1dd03a4f572f2edff238c3e
                                                                                                                                              • Opcode Fuzzy Hash: d431e462c94653187d373e710eaa9ae37b4a5fcefa236a6fd1c35e053a71be57
                                                                                                                                              • Instruction Fuzzy Hash: 78C0147151C4D14FDF01C74CDC457543710570114DF4440D5D57157175D314D0554757
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Non-executed Functions

                                                                                                                                              Function 00916BB0, Relevance: 16.7, Strings: 13, Instructions: 422COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs$lfs$lfs$lfs$lfs$lfs$lfs$lfs$lfs$lfs$lfs$lfs$lfs
                                                                                                                                              • API String ID: 0-765153580
                                                                                                                                              • Opcode ID: 31345b87213c6af42be59ebd2ed76eed6f0299fb2fbbd23fb92edd93c8c64ae4
                                                                                                                                              • Instruction ID: 9f9bb5d2d3cc69eb9024a05a64fc08e6b7a74f81ef9fe174e0d24dada0504c35
                                                                                                                                              • Opcode Fuzzy Hash: 31345b87213c6af42be59ebd2ed76eed6f0299fb2fbbd23fb92edd93c8c64ae4
                                                                                                                                              • Instruction Fuzzy Hash: BBE1D374B04214AFCB149BB4D4545AE7FB6EF86304F14C46AE90ADF382EB399D42CB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00915518, Relevance: 8.9, Strings: 7, Instructions: 141COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ,~<l$,~<l$,~<l$,~<l$,~<l$,~<l$,~<l
                                                                                                                                              • API String ID: 0-4187605882
                                                                                                                                              • Opcode ID: 17b27cb09f5e02f9652a378b4c082c0ee1fcc75d279d342680dda70bafb484dc
                                                                                                                                              • Instruction ID: 655199b73a7a3031a0a27bbed8b9cc673f82c537ebfd0c29f4b0abcb268e5750
                                                                                                                                              • Opcode Fuzzy Hash: 17b27cb09f5e02f9652a378b4c082c0ee1fcc75d279d342680dda70bafb484dc
                                                                                                                                              • Instruction Fuzzy Hash: 5B41EE393002449FDB05B675E8E45BE776BEBC7284B140C29D8028B799CF38AC064BF6
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00915952, Relevance: 8.9, Strings: 7, Instructions: 110COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ,~<l$,~<l$,~<l$,~<l$,~<l$,~<l$,~<l
                                                                                                                                              • API String ID: 0-4187605882
                                                                                                                                              • Opcode ID: 5c2e5bb0270d84e733343fcb534b9647556b74b3fa89d8d5c95f45b9d7146cf7
                                                                                                                                              • Instruction ID: d7ca34ae7e3e36131c21f58ffc6e6266840f833d41f3d0d8f68aaebbf54861cd
                                                                                                                                              • Opcode Fuzzy Hash: 5c2e5bb0270d84e733343fcb534b9647556b74b3fa89d8d5c95f45b9d7146cf7
                                                                                                                                              • Instruction Fuzzy Hash: 473190383001549FDB05B775E8E567E665BEBC7688B105C28E8429B79CCF3CAC064BE6
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00915528, Relevance: 8.9, Strings: 7, Instructions: 107COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ,~<l$,~<l$,~<l$,~<l$,~<l$,~<l$,~<l
                                                                                                                                              • API String ID: 0-4187605882
                                                                                                                                              • Opcode ID: f5dee283b63240c7869dd36eb592806c082dddbe6b6c910649143b7921c12fa4
                                                                                                                                              • Instruction ID: 826f9d09461f57453f342f85cbc686810c68aac3efda83cbe65718eadf8fcc0e
                                                                                                                                              • Opcode Fuzzy Hash: f5dee283b63240c7869dd36eb592806c082dddbe6b6c910649143b7921c12fa4
                                                                                                                                              • Instruction Fuzzy Hash: BB31AF383011549FDB057676E8A467E665BEBC76D4B504C28E8069B78CCF3DAC024BF6
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00915960, Relevance: 8.9, Strings: 7, Instructions: 107COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ,~<l$,~<l$,~<l$,~<l$,~<l$,~<l$,~<l
                                                                                                                                              • API String ID: 0-4187605882
                                                                                                                                              • Opcode ID: 1785ab365ea92b76310acbbdf180ef9e48cce353a7d15fd99bdf47f4e3c15e18
                                                                                                                                              • Instruction ID: ad99442c82029bb70dd7124c7f2b880131e5d27adb966cba6880dd9a6a30f7dd
                                                                                                                                              • Opcode Fuzzy Hash: 1785ab365ea92b76310acbbdf180ef9e48cce353a7d15fd99bdf47f4e3c15e18
                                                                                                                                              • Instruction Fuzzy Hash: 8831C2383001549BDB057275E8F567E625BEBC7688B105C28E8029B78CCF3CAC0647F6
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091DC80, Relevance: 6.5, Strings: 5, Instructions: 274COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs$lfs$lfs$lfs$lfs
                                                                                                                                              • API String ID: 0-2849839246
                                                                                                                                              • Opcode ID: 37475014a9490474a208dce88c627721df9ee597110b99e79db2c208bfed9473
                                                                                                                                              • Instruction ID: 21ebb02339ce006b08ef0e7c76f794c92a295a8b693c6713fa266d9e70e23b19
                                                                                                                                              • Opcode Fuzzy Hash: 37475014a9490474a208dce88c627721df9ee597110b99e79db2c208bfed9473
                                                                                                                                              • Instruction Fuzzy Hash: 37910174B052448FDB24DB7994546AE7FFAEFC6304B1484BAD906CB392EB34DC428B91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0091D888, Relevance: 5.3, Strings: 4, Instructions: 284COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs$lfs$lfs$lfs
                                                                                                                                              • API String ID: 0-852790917
                                                                                                                                              • Opcode ID: 93b24d93df50462b3724b883678ced666a66f106d2804f405870b5e380f17848
                                                                                                                                              • Instruction ID: eb78e0b0c8eef97e0eea7e4791827e4421d31da267012fe9cedb41c76647f500
                                                                                                                                              • Opcode Fuzzy Hash: 93b24d93df50462b3724b883678ced666a66f106d2804f405870b5e380f17848
                                                                                                                                              • Instruction Fuzzy Hash: C8C1FA74B001089FDB54DFA5D494AAEBBB6EF89304F108469E906EB3A9DF349C42CB51
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00916958, Relevance: 5.2, Strings: 4, Instructions: 164COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.398187428.0000000000910000.00000040.00000001.sdmp, Offset: 00910000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_910000_xD2TnigEaY.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: lfs$lfs$lfs$lfs
                                                                                                                                              • API String ID: 0-852790917
                                                                                                                                              • Opcode ID: dbbc3e700d8a73dcf8148c9fe1f25aa373669d85fe24003cb4a50d308b612dd1
                                                                                                                                              • Instruction ID: d4cffe11019fb257d929cfc19e8d805aa02ce2dbef88e998bc32c3641daf3128
                                                                                                                                              • Opcode Fuzzy Hash: dbbc3e700d8a73dcf8148c9fe1f25aa373669d85fe24003cb4a50d308b612dd1
                                                                                                                                              • Instruction Fuzzy Hash: C151F574B08204AFDB14DB64D4546AE7BB6EF86344F14C82AE806DB385DB39DD42CB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%