Windows Analysis Report
PIptrFxrxR.exe

Overview

General Information

Sample Name: PIptrFxrxR.exe
Analysis ID: 715160
MD5: 3570cfa79638c148588f3f22a7ad58c9
SHA1: 205fcd2a3a45d91ee1bdbaf820f49967539e0159
SHA256: 5b82bbf81826faa8e2ff41c468af4632d3151eabec01e5535d9a7c4659528c51
Tags: exe, RedLineStealer
Infos:

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to steal Crypto Currency Wallets
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc)
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
Uses 32bit PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Sample file is different than original file name gathered from version info
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected TCP or UDP traffic on non-standard ports
Internet Provider seen in connection with other malware
Binary contains a suspicious time stamp
Detected potential crypto function
Yara detected Credential Stealer
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Contains long sleeps (>= 3 min)
Enables debug privileges

Classification

  • System is w10x64
  • PIptrFxrxR.exe (PID: 3804 cmdline: C:\Users\user\Desktop\PIptrFxrxR.exe MD5: 3570CFA79638C148588F3F22A7AD58C9)
  • cleanup
{"C2 url": ["65.108.247.147:37767"], "Authorization Header": "6a82f1fb90afb278c299e83d46279927"}
Source | Rule | Description | Author | Strings
PIptrFxrxR.exe | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
  • 0x1c68:$pat14: , CommandLine:
  • 0x39a2b:$v2_1: ListOfProcesses
  • 0x397b4:$v4_3: base64str
  • 0x3a8c2:$v4_4: stringKey
  • 0x3729f:$v4_5: BytesToStringConverted
  • 0x362e6:$v4_6: FromBase64
  • 0x37a9b:$v4_8: procName
  • 0x37e38:$v5_1: DownloadAndExecuteUpdate
  • 0x396c4:$v5_2: ITaskProcessor
  • 0x37e26:$v5_3: CommandLineUpdate
  • 0x37e17:$v5_4: DownloadUpdate
  • 0x3853f:$v5_5: FileScanning
  • 0x3761e:$v5_7: RecordHeaderField
  • 0x3700c:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: PIptrFxrxR.exe PID: 3804 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Process Memory Space: PIptrFxrxR.exe PID: 3804 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.0.PIptrFxrxR.exe.990000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
  • 0x1c68:$pat14: , CommandLine:
  • 0x39a2b:$v2_1: ListOfProcesses
  • 0x397b4:$v4_3: base64str
  • 0x3a8c2:$v4_4: stringKey
  • 0x3729f:$v4_5: BytesToStringConverted
  • 0x362e6:$v4_6: FromBase64
  • 0x37a9b:$v4_8: procName
  • 0x37e38:$v5_1: DownloadAndExecuteUpdate
  • 0x396c4:$v5_2: ITaskProcessor
  • 0x37e26:$v5_3: CommandLineUpdate
  • 0x37e17:$v5_4: DownloadUpdate
  • 0x3853f:$v5_5: FileScanning
  • 0x3761e:$v5_7: RecordHeaderField
  • 0x3700c:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT

No Sigma rule has matched

Timestamp: 10/03/22-17:33:23.343299
Source IP: 192.168.2.5
Destination IP: 65.108.247.147
SID: 2850027
Source Port: 49698
Destination Port: 37767
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 10/03/22-17:33:45.506493
Source IP: 192.168.2.5
Destination IP: 65.108.247.147
SID: 2850286
Source Port: 49698
Destination Port: 37767
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 10/03/22-17:33:24.983524
Source IP: 65.108.247.147
Destination IP: 192.168.2.5
SID: 2850353
Source Port: 37767
Destination Port: 49698
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: PIptrFxrxR.exe, ReversingLabs: Detection: 80%
Source: PIptrFxrxR.exe, Virustotal: Detection: 66%
Source: PIptrFxrxR.exe, Metadefender: Detection: 61%
Source: PIptrFxrxR.exe, Joe Sandbox ML: detected
Source: PIptrFxrxR.exe, Malware Configuration Extractor: RedLine {"C2 url": ["65.108.247.147:37767"], "Authorization Header": "6a82f1fb90afb278c299e83d46279927"}
Source: PIptrFxrxR.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: PIptrFxrxR.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Traffic, Snort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.5:49698 -> 65.108.247.147:37767
Source: Traffic, Snort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.5:49698 -> 65.108.247.147:37767
Source: Traffic, Snort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 65.108.247.147:37767 -> 192.168.2.5:49698
Source: global traffic, TCP traffic: 192.168.2.5:49698 -> 65.108.247.147:37767
Source: Joe Sandbox View, ASN Name: ALABANZA-BALTUS
Source: unknown, TCP traffic detected without corresponding DNS query: 65.108.247.147
              Source: PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
              Source: PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
              Source: PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
              Source: PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
              Source: PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Responsed
              Source: PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
              Source: PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
              Source: PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Responsed
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
              Source: PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
              Source: PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
              Source: PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
              Source: PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
              Source: PIptrFxrxR.exe, 00000000.00000002.401721951.00000000034CC000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
              Source: PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
              Source: PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
              Source: PIptrFxrxR.exe, 00000000.00000002.402706969.0000000003EF0000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.401620836.00000000034BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
              Source: PIptrFxrxR.exe, 00000000.00000002.402706969.0000000003EF0000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.401620836.00000000034BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: PIptrFxrxR.exe, 00000000.00000002.402706969.0000000003EF0000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.401620836.00000000034BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: PIptrFxrxR.exe, 00000000.00000002.398595426.0000000003124000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399235681.000000000321E000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399542263.000000000328F000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.400059135.000000000332B000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.402706969.0000000003EF0000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.401620836.00000000034BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: PIptrFxrxR.exe, 00000000.00000002.402706969.0000000003EF0000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.401620836.00000000034BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: PIptrFxrxR.exe, 00000000.00000002.398595426.0000000003124000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399235681.000000000321E000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399542263.000000000328F000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.400059135.000000000332B000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.402706969.0000000003EF0000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.401620836.00000000034BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
              Source: PIptrFxrxR.exe, 00000000.00000002.398595426.0000000003124000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399235681.000000000321E000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399542263.000000000328F000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.400059135.000000000332B000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.402706969.0000000003EF0000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.401620836.00000000034BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
              Source: PIptrFxrxR.exe, 00000000.00000002.402706969.0000000003EF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
              Source: PIptrFxrxR.exe, 00000000.00000002.398595426.0000000003124000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399235681.000000000321E000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399542263.000000000328F000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.400059135.000000000332B000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.402706969.0000000003EF0000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.401620836.00000000034BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
              Source: PIptrFxrxR.exe, 00000000.00000002.398595426.0000000003124000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399235681.000000000321E000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399542263.000000000328F000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.400059135.000000000332B000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.402706969.0000000003EF0000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.401620836.00000000034BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: PIptrFxrxR.exe, 00000000.00000002.394385561.0000000001149000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

              System Summary

              Source: PIptrFxrxR.exe, type: SAMPLE Matched rule: Detects RedLine infostealer Author: ditekSHen
              Source: 0.0.PIptrFxrxR.exe.990000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
              Source: PIptrFxrxR.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: PIptrFxrxR.exe, type: SAMPLE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
              Source: 0.0.PIptrFxrxR.exe.990000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
              Source: PIptrFxrxR.exe, 00000000.00000000.295610288.0000000000992000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameThanatoid.exe4 vs PIptrFxrxR.exe
              Source: PIptrFxrxR.exe, 00000000.00000002.394385561.0000000001149000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs PIptrFxrxR.exe
              Source: PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs PIptrFxrxR.exe
              Source: PIptrFxrxR.exe Binary or memory string: OriginalFilenameThanatoid.exe4 vs PIptrFxrxR.exe
              Source: PIptrFxrxR.exe ReversingLabs: Detection: 80%
              Source: PIptrFxrxR.exe Virustotal: Detection: 66%
              Source: PIptrFxrxR.exe Metadefender: Detection: 61%
              Source: PIptrFxrxR.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: PIptrFxrxR.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe File created: C:\Users\user\AppData\Local\Yandex
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/1@0/1
              Source: PIptrFxrxR.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: PIptrFxrxR.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Code function: 0_2_01048B08 pushad ; iretd 0_2_01048B09
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Code function: 0_2_01048B12 pushad ; iretd 0_2_01048B13
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Code function: 0_2_01042DFB push ds; ret 0_2_01042E04
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Code function: 0_2_014B1B5B push esp; retf 0575h 0_2_014B1D79
              Source: PIptrFxrxR.exe Static PE information: 0xF5E7E28F [Sun Sep 26 04:05:35 2100 UTC]
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PIptrFxrxR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\PIptrFxrxR.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Window / User API: threadDelayed 4764
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe TID: 3316 Thread sleep time: -5534023222112862s >= -30000s
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe TID: 5960 Thread sleep count: 4764 > 30
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe TID: 4848 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Process information queried: ProcessInformation
              Source: PIptrFxrxR.exe, 00000000.00000002.409854122.0000000006254000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
              Source: PIptrFxrxR.exe, 00000000.00000002.409854122.0000000006254000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Win32_VideoController(Standard display types)VMware18TMEWF6Win32_VideoControllerGLR9OPV8VideoController120060621000000.000000-00038816352display.infMSBDAGB3BOPF9PCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsOLNVTUVA
              Source: PIptrFxrxR.exe, 00000000.00000002.394727901.000000000117F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Process token adjusted: Debug
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Memory allocated: page read and write | page guard
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Queries volume information: C:\Users\user\Desktop\PIptrFxrxR.exe VolumeInformation
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: PIptrFxrxR.exe, 00000000.00000002.409854122.0000000006254000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.394727901.000000000117F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

              Stealing of Sensitive Information

              Source: Yara match File source: dump.pcap, type: PCAP
              Source: Yara match File source: 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: PIptrFxrxR.exe PID: 3804, type: MEMORYSTR
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Users\user\Desktop\PIptrFxrxR.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

              Remote Access Functionality

              Source: Yara match File source: dump.pcap, type: PCAP
              Source: Yara match File source: 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: PIptrFxrxR.exe PID: 3804, type: MEMORYSTR

              | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
              | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
              | Valid Accounts | 221 Windows Management Instrumentation | Path Interception | Path Interception | 1 Masquerading | 1 OS Credential Dumping | 231 Security Software Discovery | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
              | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | 1 Input Capture | 11 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
              | Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 231 Virtualization/Sandbox Evasion | Security Account Manager | 231 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 2 Data from Local System | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
              | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
              | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 123 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |

              | Source | Detection | Scanner | Label |
              | --- | --- | --- | --- |
              | PIptrFxrxR.exe | 81% | ReversingLabs | ByteCode-MSIL.Infostealer.RedLine |
              | PIptrFxrxR.exe | 66% | Virustotal | |
              | PIptrFxrxR.exe | 61% | Metadefender | |
              | PIptrFxrxR.exe | 100% | Joe Sandbox ML | |

              No Antivirus matches
              No contacted domains info
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://tempuri.org/Entity/Id1ResponsePIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=PIptrFxrxR.exe, 00000000.00000002.398595426.0000000003124000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399235681.000000000321E000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399542263.000000000328F000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.400059135.000000000332B000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.402706969.0000000003EF0000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.401620836.00000000034BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedPIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2004/08/addressingPIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssuePIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2004/04/trustPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://tempuri.org/Entity/Id10PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  http://tempuri.org/Entity/Id11PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  http://tempuri.org/Entity/Id12PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  http://tempuri.org/Entity/Id16ResponsePIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsePIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://tempuri.org/Entity/Id13PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id14PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id15PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id16PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/NoncePIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://tempuri.org/Entity/Id17PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://tempuri.org/Entity/Id18PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://tempuri.org/Entity/Id5ResponsePIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://tempuri.org/Entity/Id19PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsPIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://tempuri.org/Entity/Id10ResponsePIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RenewPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://tempuri.org/Entity/Id8ResponsePIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://schemas.xmlsoap.org/ws/2006/02/addressingidentityPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://schemas.xmlsoap.org/soap/envelope/PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://search.yahoo.com?fr=crmas_sfpfPIptrFxrxR.exe, 00000000.00000002.398595426.0000000003124000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399235681.000000000321E000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.399542263.000000000328F000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.400059135.000000000332B000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.402706969.0000000003EF0000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.401620836.00000000034BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1PIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trustPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://tempuri.org/Entity/Id23ResponsePIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.396923501.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, PIptrFxrxR.exe, 00000000.00000002.397506308.0000000002F99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/06/addressingexPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoorPIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/NoncePIptrFxrxR.exe, 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
65.108.247.147 | unknown | United States | | 11022 | ALABANZA-BALTUS | true
                                                                                                                                          Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                          Analysis ID:715160
                                                                                                                                          Start date and time:2022-10-03 17:32:07 +02:00
                                                                                                                                          Joe Sandbox Product:CloudBasic
                                                                                                                                          Overall analysis duration:0h 6m 8s
                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                          Report type:full
                                                                                                                                          Sample file name:PIptrFxrxR.exe
                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                          Number of analysed new started processes analysed:3
                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                          Technologies:
                                                                                                                                          • HCA enabled
                                                                                                                                          • EGA enabled
                                                                                                                                          • HDC enabled
                                                                                                                                          • AMSI enabled
                                                                                                                                          Analysis Mode:default
                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                          Detection:MAL
                                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@1/1@0/1
                                                                                                                                          EGA Information:
                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                          HDC Information:Failed
                                                                                                                                          HCA Information:
                                                                                                                                          • Successful, ratio: 92%
                                                                                                                                          • Number of executed functions: 126
                                                                                                                                          • Number of non-executed functions: 17
                                                                                                                                          Cookbook Comments:
                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                          • Stop behavior analysis, all processes terminated
                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
                                                                                                                                          • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                          Time:17:33:42
                                                                                                                                          Type:API Interceptor
                                                                                                                                          Description:26x Sleep call for process: PIptrFxrxR.exe modified
                                                                                                                                          Match:65.108.247.147
                                                                                                                                          Associated Sample Name / URL:xDPO7BHXsZ.exe
                                                                                                                                          Detection:malicious
                                                                                                                                            Process:C:\Users\user\Desktop\PIptrFxrxR.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2843
                                                                                                                                            Entropy (8bit):5.3371553026862095
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHK1HjHK0:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxY
                                                                                                                                            MD5:9A010D404524B7E80B293AEC6FB4AF7F
                                                                                                                                            SHA1:B238A081C1D05DA6F76DA2F30C529C4275CCF5CF
                                                                                                                                            SHA-256:3FF08BA477214E6F51EC1F879A44FC02CBE69A69B072E7B317F337A786B21D63
                                                                                                                                            SHA-512:C7D0D118BFF6E2EDEF02290FC042556502D99967A37A5EDF98AF905BA66C4C2D2C159594DB3D22B5117EC5AA7DB910313A6370F650B9534D5B17E57378E02E2A
                                                                                                                                            Malicious:true
                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi
                                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Entropy (8bit):6.04482516274698
                                                                                                                                            TrID:
                                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                            File name:PIptrFxrxR.exe
                                                                                                                                            File size:369152
                                                                                                                                            MD5:3570cfa79638c148588f3f22a7ad58c9
                                                                                                                                            SHA1:205fcd2a3a45d91ee1bdbaf820f49967539e0159
                                                                                                                                            SHA256:5b82bbf81826faa8e2ff41c468af4632d3151eabec01e5535d9a7c4659528c51
                                                                                                                                            SHA512:2dba3f1abfea0fe86fbf9581953528b02e88f96f45d2a22092bbc5d3922cb7540843d61758b3ee10dd57af70b38119dbfd1868df6d910562f607ed99f328144a
                                                                                                                                            SSDEEP:6144:tJhbp5Iy4wUHkjT/eASp1+7lvoe/YuasdHQO33JnTyIuHOn4ssEFZIQ3uSwsZ5jY:vhf+DMTmASP+uewuasdHQO33JnTyIuHZ
                                                                                                                                            TLSH:6074619D766072EFC857C976CAA81C64FA7074BB930BD203A06316ED9A4D59BCF140F2
                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.............>.... ........@.. ....................................@................................
                                                                                                                                            Icon Hash:5161454747646c1b
                                                                                                                                            Entrypoint:0x45b13e
                                                                                                                                            Entrypoint Section:.text
                                                                                                                                            Digitally signed:false
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            Subsystem:windows gui
                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                            Time Stamp:0xF5E7E28F [Sun Sep 26 04:05:35 2100 UTC]
                                                                                                                                            TLS Callbacks:
                                                                                                                                            CLR (.Net) Version:
                                                                                                                                            OS Version Major:4
                                                                                                                                            OS Version Minor:0
                                                                                                                                            File Version Major:4
                                                                                                                                            File Version Minor:0
                                                                                                                                            Subsystem Version Major:4
                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                            Instruction
                                                                                                                                            jmp dword ptr [00402000h]
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x5b0f0          0x4b          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x5c000          0xab2         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x5e000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity      File Type  Entropy              Characteristics
.text   0x2000           0x59144       0x59200   False     0.45041308730715285  data       6.051994541490018    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0x5c000          0xab2         0xc00     False     0.5511067708333334   data       5.137865378285585    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x5e000          0xc           0x200     False     0.044921875          data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA      Size   Type                                                                                           Language  Country
RT_ICON        0x5c130  0x468  Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m
RT_GROUP_ICON  0x5c598  0x14   data
RT_VERSION     0x5c5ac  0x31c  data
RT_MANIFEST    0x5c8c8  0x1ea  XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
DLL          Import
mscoree.dll  _CorExeMain
Timestamp                 Protocol  SID      Message                                              Source Port  Dest Port  Source IP       Dest IP
10/03/22-17:33:23.343299  TCP       2850027  ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init    49698        37767      192.168.2.5     65.108.247.147
10/03/22-17:33:45.506493  TCP       2850286  ETPRO TROJAN Redline Stealer TCP CnC Activity        49698        37767      192.168.2.5     65.108.247.147
10/03/22-17:33:24.983524  TCP       2850353  ETPRO MALWARE Redline Stealer TCP CnC - Id1Response  37767        49698      65.108.247.147  192.168.2.5
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                            Oct 3, 2022 17:33:45.028700113 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.028712988 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.028724909 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.029016018 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.029047966 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.029118061 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.029170036 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.029202938 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.029334068 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.029366016 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.029725075 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.029865026 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.066356897 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.066375971 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.066499949 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067117929 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067133904 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067145109 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067157030 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067168951 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067179918 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067193031 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067266941 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067282915 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067378998 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067418098 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067553043 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067573071 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067589998 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067728996 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.067888975 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.067958117 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067970991 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.067982912 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.068023920 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.068099976 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.068172932 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.068263054 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.068341970 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.068375111 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.068655968 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.068752050 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.106753111 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.106784105 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.106796980 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.108588934 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.108616114 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.109126091 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.109149933 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.109282970 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.109282970 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.109390020 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.109462976 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.148447990 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.148494005 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.148509026 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.148777008 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.148801088 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.148900986 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.149107933 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.149211884 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.149244070 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.149367094 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.149367094 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.149445057 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.149493933 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.187160969 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187191010 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187205076 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187216997 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187230110 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187241077 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187253952 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187340975 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187357903 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187371969 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187411070 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187453032 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187575102 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187609911 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187652111 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187701941 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187715054 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187726021 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187808037 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187849045 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.187923908 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188052893 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188082933 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188128948 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188169003 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188211918 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188224077 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188294888 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188328981 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188370943 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188385963 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188448906 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188591003 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188664913 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188671112 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.188683987 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188692093 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188776016 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188899994 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188941002 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.188975096 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.189254999 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.226723909 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.226767063 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.226782084 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.227191925 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.227391958 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.227552891 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.230667114 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.233800888 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.278974056 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.381586075 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.420861959 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.425801992 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.464260101 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.465188980 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.505135059 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.506493092 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:45.550246954 CEST377674969865.108.247.147192.168.2.5
                                                                                                                                            Oct 3, 2022 17:33:45.673706055 CEST4969837767192.168.2.565.108.247.147
                                                                                                                                            Oct 3, 2022 17:33:47.398268938 CEST4969837767192.168.2.565.108.247.147


                                                                                                                                            Target ID:0
                                                                                                                                            Start time:17:33:01
                                                                                                                                            Start date:03/10/2022
                                                                                                                                            Path:C:\Users\user\Desktop\PIptrFxrxR.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\Users\user\Desktop\PIptrFxrxR.exe
                                                                                                                                            Imagebase:0x990000
                                                                                                                                            File size:369152 bytes
                                                                                                                                            MD5 hash:3570CFA79638C148588F3F22A7AD58C9
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.397297996.0000000002F54000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Reputation:low

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:19.1%
                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                              Signature Coverage:0%
                                                                                                                                              Total number of Nodes:6
                                                                                                                                              Total number of Limit Nodes:0
                                                                                                                                              execution_graph 18561 14bab48 18562 14bab66 18561->18562 18565 14b9d38 18562->18565 18564 14bab9d 18567 14bc668 LoadLibraryA 18565->18567 18568 14bc744 18567->18568

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @-V$@-V$OyDQ
                                                                                                                                              • API String ID: 0-4169500747
                                                                                                                                              • Opcode ID: 4ef4a8112584709daecd7c7d1f372db1415e9800ffef99a9cde6b022243514dd
                                                                                                                                              • Instruction ID: 445ba39274e227b394173bed609d435836f88ee8724041ce430338556b67b82e
                                                                                                                                              • Opcode Fuzzy Hash: 4ef4a8112584709daecd7c7d1f372db1415e9800ffef99a9cde6b022243514dd
                                                                                                                                              • Instruction Fuzzy Hash: 05D14474905218DFCB18CFA5D984AEDFFB2FF89310F24926AE505AB225D7318942DF24
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @-V$@-V$OyDQ
                                                                                                                                              • API String ID: 0-4169500747
                                                                                                                                              • Opcode ID: c5f9b063e728bd44e72e7f5f0ff973e3e2c845ee6989936cc4921d304409f863
                                                                                                                                              • Instruction ID: ed6653ac48750b755330351b56ea4a756948383e7e430ed98458ba35c3118e62
                                                                                                                                              • Opcode Fuzzy Hash: c5f9b063e728bd44e72e7f5f0ff973e3e2c845ee6989936cc4921d304409f863
                                                                                                                                              • Instruction Fuzzy Hash: 0AC14575904218DFCB19CFA5D984ADEFFB2BF89310F24926AE105AB235D7318942DF24
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 0Z 1$Zny,$mm|H
                                                                                                                                              • API String ID: 0-2480384079
                                                                                                                                              • Opcode ID: 8b3be25a717b15f8e408fcd1b70372edc68e5be1381a8636139a86964a05d6e6
                                                                                                                                              • Instruction ID: 55e740a4e50289634432a6050866f0099f70183969e61ff556942fb621dd9609
                                                                                                                                              • Opcode Fuzzy Hash: 8b3be25a717b15f8e408fcd1b70372edc68e5be1381a8636139a86964a05d6e6
                                                                                                                                              • Instruction Fuzzy Hash: 5CC125B4E45209CFDB14CFA9C98469DFBB2FF89310F14946AD45AEB218D7349982CF14
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 0Z 1$Zny,$mm|H
                                                                                                                                              • API String ID: 0-2480384079
                                                                                                                                              • Opcode ID: d1773a6bba14d8c03c32ebffe14c5d2de17ee2e99ba4336596c230d9059fd309
                                                                                                                                              • Instruction ID: c3b99d1d996d167a7aeef86a59f5915fdccba595a78c6db4bda8c78b9da38899
                                                                                                                                              • Opcode Fuzzy Hash: d1773a6bba14d8c03c32ebffe14c5d2de17ee2e99ba4336596c230d9059fd309
                                                                                                                                              • Instruction Fuzzy Hash: E5C124B4E45209CFDB14CFA9C98469DFBB2FF89310F14946AD45AEB214D7349982CF24
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 0Z 1$Zny,$mm|H
                                                                                                                                              • API String ID: 0-2480384079
                                                                                                                                              • Opcode ID: 49f3e02339ae71390a3bb1d7acf995871a42b30db420e5702c851fd5fdd15002
                                                                                                                                              • Instruction ID: 0de6096ba50551b9764829e6dab68d1d8f0b479bdeeffa962d853a802a0356ca
                                                                                                                                              • Opcode Fuzzy Hash: 49f3e02339ae71390a3bb1d7acf995871a42b30db420e5702c851fd5fdd15002
                                                                                                                                              • Instruction Fuzzy Hash: 8BC111B4E45209CFDB14CFAAC98469DFBB2FB89310F24946AD45AAB254D7309981CF24
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @-V$@-V$OyDQ
                                                                                                                                              • API String ID: 0-4169500747
                                                                                                                                              • Opcode ID: 8a27eb27dfd5efb1f74827e64f08c4e7511553bcb661aa898d2cc70c589fa6d3
                                                                                                                                              • Instruction ID: 7c8585622460819d6e7d22028d2741507043c8b08ee07118f728a2dcf45ac22c
                                                                                                                                              • Opcode Fuzzy Hash: 8a27eb27dfd5efb1f74827e64f08c4e7511553bcb661aa898d2cc70c589fa6d3
                                                                                                                                              • Instruction Fuzzy Hash: 3FB14275914218EFCB18CFA5D9C49DDFFB2BB89310F24966AE105AB239D3318942DF24
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @-V$@-V$OyDQ
                                                                                                                                              • API String ID: 0-4169500747
                                                                                                                                              • Opcode ID: 9ed3cf597c52497e2ab5b6054de3017acd0a471850b0e8b7f0416708de43804b
                                                                                                                                              • Instruction ID: 0b898bd8945321592d662cdcb0491a84f03ee0c341064210e33b1e83e1ed5c97
                                                                                                                                              • Opcode Fuzzy Hash: 9ed3cf597c52497e2ab5b6054de3017acd0a471850b0e8b7f0416708de43804b
                                                                                                                                              • Instruction Fuzzy Hash: 1DB14275904208EFCB18CFA5D9C49DDFFB2BB89310F24966AE105AB235D3318942DF24
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @-V$@-V$OyDQ
                                                                                                                                              • API String ID: 0-4169500747
                                                                                                                                              • Opcode ID: 79135f2c5062d66c317e9afa03e553d15048de3640a4d257556ceab1f6d91ae9
                                                                                                                                              • Instruction ID: 26f44f09bc7576044072eea59dca2dd85c761a78c5f6d34dd7fbe2ceb05e763d
                                                                                                                                              • Opcode Fuzzy Hash: 79135f2c5062d66c317e9afa03e553d15048de3640a4d257556ceab1f6d91ae9
                                                                                                                                              • Instruction Fuzzy Hash: 94B13275914208EFCB19CFA5D9C49DDFFB2BB89310F24966AE105AB235D3318942DF24
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ,[4A$*la
                                                                                                                                              • API String ID: 0-1465354727
                                                                                                                                              • Opcode ID: a75e7500161c6388609628455448cd2099eddad8c7e897e354e88d0bc23c8cb1
                                                                                                                                              • Instruction ID: 8e8d4bc310d008f5d8670559519e4c95067747a1c02ec3e30a1c8457fdb46983
                                                                                                                                              • Opcode Fuzzy Hash: a75e7500161c6388609628455448cd2099eddad8c7e897e354e88d0bc23c8cb1
                                                                                                                                              • Instruction Fuzzy Hash: EBD15CB0E0464ACFCB04CFA9C8845AEFBB2FF89340B55856AC455EB265D734A946CF90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ,[4A$*la
                                                                                                                                              • API String ID: 0-1465354727
                                                                                                                                              • Opcode ID: 976e35c216bca1ee594b01fd2f40640403ebbbdcd20e9a3bf92bd74d1af111e2
                                                                                                                                              • Instruction ID: ea3b1c6915282846d143e80add46c9b23218695e2914da23019243f7ae5fb389
                                                                                                                                              • Opcode Fuzzy Hash: 976e35c216bca1ee594b01fd2f40640403ebbbdcd20e9a3bf92bd74d1af111e2
                                                                                                                                              • Instruction Fuzzy Hash: 0CD13AB0E0060ADFCB04CF99C4C45AEFBB2FF89340B558565D556EB264D734AA46CF90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 697 1047f7b-104814e
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: )WV0$#~
                                                                                                                                              • API String ID: 0-3403758651
                                                                                                                                              • Opcode ID: 2772007abbe9c250e0432b1fffa8ecd906e1d8ef5a807631e3b803c8ccbb2c8a
                                                                                                                                              • Instruction ID: 5534345e122d96178b35df351e9e43611a876a09f46de8ff09244be03cc49e73
                                                                                                                                              • Opcode Fuzzy Hash: 2772007abbe9c250e0432b1fffa8ecd906e1d8ef5a807631e3b803c8ccbb2c8a
                                                                                                                                              • Instruction Fuzzy Hash: 97513BB0D16209DFCB54CFA5D4805EEBBB2EF89204F10986AD066BB354D7389A46CF54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 1123 14b4981-14b498e 1124 14b4990-14b4994 1123->1124 1125 14b4995-14b49b8 1123->1125 1124->1125 1126 14b49ba 1125->1126 1127 14b49bf-14b4e23 1125->1127 1126->1127 1196 14b4e2d 1127->1196 1197 14b4e36-14b4e79 1196->1197 1202 14b4e81-14b4e89 1197->1202 1203 14b4e94-14b4f33 1202->1203
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: S
                                                                                                                                              • API String ID: 0-186050230
                                                                                                                                              • Opcode ID: d2bc3e0792bde84857c48a3b7aa703de481618a6d8904df24566be532011365a
                                                                                                                                              • Instruction ID: d2cd3659e727be5fa94868ea8a9814fdef2fd745686d362c8f184b90714f8a9e
                                                                                                                                              • Opcode Fuzzy Hash: d2bc3e0792bde84857c48a3b7aa703de481618a6d8904df24566be532011365a
                                                                                                                                              • Instruction Fuzzy Hash: 48E13074E002189FDF04DBB5D891ABEB777EF88304F548419E40ABB365DB396D05AB24
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: S
                                                                                                                                              • API String ID: 0-186050230
                                                                                                                                              • Opcode ID: e8d00207045279d7393ca4d5b6c92f324f2ba216355aec448fdfd16a51d3ac61
                                                                                                                                              • Instruction ID: b1441e4564d29c696dfb27a8563c3bf5395cdf01d94f1eadb46e5bb105af617f
                                                                                                                                              • Opcode Fuzzy Hash: e8d00207045279d7393ca4d5b6c92f324f2ba216355aec448fdfd16a51d3ac61
                                                                                                                                              • Instruction Fuzzy Hash: 6CE13F74E002189FDF04DBB5D891ABEB777EF88304F508419E40AAB365DB396D05AB24
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: {!0
                                                                                                                                              • API String ID: 0-1408130995
                                                                                                                                              • Opcode ID: 0181767df3ed88ca8bca8d68fbe2e6c6bebf9b8089aab4f100d711a2f7797cee
                                                                                                                                              • Instruction ID: d96eb2d1c31168c4e0779ab509927b8839eb958515d9f9d2fc15b31808b03194
                                                                                                                                              • Opcode Fuzzy Hash: 0181767df3ed88ca8bca8d68fbe2e6c6bebf9b8089aab4f100d711a2f7797cee
                                                                                                                                              • Instruction Fuzzy Hash: 24811670D15208DFCB14CFA4E9856DDFBB6FF89301F20A56AE409B72A4DB345A46CB24
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: {!0
                                                                                                                                              • API String ID: 0-1408130995
                                                                                                                                              • Opcode ID: d6beb9ddc33efdec33965cd2a9e29eee76c3da97fd9d3b6cc5f13ab652ddebfb
                                                                                                                                              • Instruction ID: 23dc85cbf82449147a4290c17fc2c091748af20feb82ecc755971684bc8ced30
                                                                                                                                              • Opcode Fuzzy Hash: d6beb9ddc33efdec33965cd2a9e29eee76c3da97fd9d3b6cc5f13ab652ddebfb
                                                                                                                                              • Instruction Fuzzy Hash: AF814670D15208DFCB14CFA4E9856DDFBB6FB89301F20956AE405B72A4DB345A46CF24
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: p
                                                                                                                                              • API String ID: 0-2181537457
                                                                                                                                              • Opcode ID: 9592ee7f90b89fe8e00d06532c1d034ca06a61e47bbbcc5f84c0f8cad20d59a6
                                                                                                                                              • Instruction ID: 9f32524b110bab2292845cd7659a343f4f56c7fed498bc5932daa94c81c895a8
                                                                                                                                              • Opcode Fuzzy Hash: 9592ee7f90b89fe8e00d06532c1d034ca06a61e47bbbcc5f84c0f8cad20d59a6
                                                                                                                                              • Instruction Fuzzy Hash: BC51B2B1E042548FDB55CF2AC8C06D9BBF2FF9A204F15C1AAC448AB216E73519478F51
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: `6v
                                                                                                                                              • API String ID: 0-1061424992
                                                                                                                                              • Opcode ID: 68ae022d6950614c3996e43c4c0e09f48a7f77739472a1342fea5fbcb675891a
                                                                                                                                              • Instruction ID: e044b61896d10dc126e3c9b5f1fad2a499c3256ab746f32ba1d429a195426a3e
                                                                                                                                              • Opcode Fuzzy Hash: 68ae022d6950614c3996e43c4c0e09f48a7f77739472a1342fea5fbcb675891a
                                                                                                                                              • Instruction Fuzzy Hash: 86513CB0E152099FDB08CFAAD5805AEFBF2FF89300F14D06AE459A7255D7345A41CFA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: <Ft
                                                                                                                                              • API String ID: 0-4150607908
                                                                                                                                              • Opcode ID: 526303fe50cf12171fe3b583c8655c5711de65c0fb481d4e9d37b01199e5995f
                                                                                                                                              • Instruction ID: 8231fc9059bd6d373531d191713ed3e2dd22862497b676c6077349ab0007ccf8
                                                                                                                                              • Opcode Fuzzy Hash: 526303fe50cf12171fe3b583c8655c5711de65c0fb481d4e9d37b01199e5995f
                                                                                                                                              • Instruction Fuzzy Hash: C321E6B1E006588BDB18CFAAD8846DEBBB2AFC9300F14C16AD409AB264DB751955CF50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 030fda7ef86a02ef2db412a20412adea3df67dc360d85edd0aa72268479c148f
                                                                                                                                              • Instruction ID: 66792df210cfe788dc6455f9f4425613e8479fbd8ab8bf67a15c048a8e1c503d
                                                                                                                                              • Opcode Fuzzy Hash: 030fda7ef86a02ef2db412a20412adea3df67dc360d85edd0aa72268479c148f
                                                                                                                                              • Instruction Fuzzy Hash: 1592A134A002158FDB15DFB5C894AAEB7B2FF84314F148968E5069B7A1DB74EC85CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: feb87972d1310584d7636f05621de2f20d2cc6a880753211cd52b56c7a7e806b
                                                                                                                                              • Instruction ID: 8fa348cbfb14f11b686acf4386e16cf9a99c20b76bfa233b7e68006338d1889d
                                                                                                                                              • Opcode Fuzzy Hash: feb87972d1310584d7636f05621de2f20d2cc6a880753211cd52b56c7a7e806b
                                                                                                                                              • Instruction Fuzzy Hash: 7E620B34B002188FDB15DF64D894BADB7B2FF88304F1085A9E90AAB3A5DB349D85DF51
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b906d1a094bc1e755db62845eb53238905a35446e9fab48bcce45cd56acd3b2d
                                                                                                                                              • Instruction ID: b159a759c1d88704786974aa8afa7abe705b19e8b81aa92b54723004e5b7c04b
                                                                                                                                              • Opcode Fuzzy Hash: b906d1a094bc1e755db62845eb53238905a35446e9fab48bcce45cd56acd3b2d
                                                                                                                                              • Instruction Fuzzy Hash: 57D15B34B002059FDB15DF69D995A6EB7F2FF88304B658868E846DB3A1DB34EC81CB50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 38aaeaef5a7f139d072bc3aaa0452c1b018e1de67a155ef1300817503448d6ec
                                                                                                                                              • Instruction ID: 60e75255210527a1f772e5e9a7372f68f95d01aba5ff93c0f23916f074fc07c0
                                                                                                                                              • Opcode Fuzzy Hash: 38aaeaef5a7f139d072bc3aaa0452c1b018e1de67a155ef1300817503448d6ec
                                                                                                                                              • Instruction Fuzzy Hash: 70B11270D14218DFDB14DFA9D880ADDBBB2FF89301F10952AE419BB264DB30A942DF24
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8ee2ba62ba987f06feaa3bb2c92c3142bb9466f6d3709f7f0c3171d600195c95
                                                                                                                                              • Instruction ID: a81326278a66bb93b9eb420a62860e6861e069666c0cea6f579a07e5144a51ab
                                                                                                                                              • Opcode Fuzzy Hash: 8ee2ba62ba987f06feaa3bb2c92c3142bb9466f6d3709f7f0c3171d600195c95
                                                                                                                                              • Instruction Fuzzy Hash: 84B10270D10218DFDB14CFA9D985ADDBBB2FF89301F10852AD419BB2A5DB30A942DF24
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ]VW7$]VW7
                                                                                                                                              • API String ID: 0-553700039
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Zk
                                                                                                                                              • API String ID: 0-2300988056
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • LoadLibraryA.KERNELBASE(?), ref: 014BC732
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • LoadLibraryA.KERNELBASE(?), ref: 014BC732
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Zk
                                                                                                                                              • API String ID: 0-2300988056
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: #~
                                                                                                                                              • API String ID: 0-3978674118
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%


                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c6df4ed3b7882b56a41591d719ee9e915dad4de28bda68f467f2cd6eff5546fd
                                                                                                                                              • Instruction ID: aa8a75f7ca2e1150a3041ae99aa5665425556ddb3ebe2438170e7c18f269099e
                                                                                                                                              • Opcode Fuzzy Hash: c6df4ed3b7882b56a41591d719ee9e915dad4de28bda68f467f2cd6eff5546fd
                                                                                                                                              • Instruction Fuzzy Hash: EF31E831704214AFC7159FA8DC08AED7BA6EBC5335F24863AE519DB3E5CA718C46C790
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5c3210f7ffece5491cddb23d18fb3da1d8c382502380707cd9f96be45fe594dd
                                                                                                                                              • Instruction ID: e4758ca088d630a2bf4420e8a25c27746fb053b26f6e6f1be136f995d6f412de
                                                                                                                                              • Opcode Fuzzy Hash: 5c3210f7ffece5491cddb23d18fb3da1d8c382502380707cd9f96be45fe594dd
                                                                                                                                              • Instruction Fuzzy Hash: 034118B1901228DFDB66CF61CD44BDABBB2BF89300F0481E9D54DAB261CB319A94DF00
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c035d644e6b29e0097e2a5c65dacad2cdd6e9790998c0bebfd4e692bb3144922
                                                                                                                                              • Instruction ID: 7b2693d6ffdb5632ab3d1eca225d48f06f5fb86a5a3ef1e7babde9f726c55684
                                                                                                                                              • Opcode Fuzzy Hash: c035d644e6b29e0097e2a5c65dacad2cdd6e9790998c0bebfd4e692bb3144922
                                                                                                                                              • Instruction Fuzzy Hash: 394122B4E05208CFCB18DFA9E9846DDBBF2BF89310F24952AE456B3364D7345942CB64
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: bed2cb100329b36f3d14ecd7b004f2cfda3fefca0c8c5f2dcebd5c1c7d2eb846
                                                                                                                                              • Instruction ID: a894387aa475dc55a583383d22258bd6e11767c5cb0bb73045060b53fdb83bf1
                                                                                                                                              • Opcode Fuzzy Hash: bed2cb100329b36f3d14ecd7b004f2cfda3fefca0c8c5f2dcebd5c1c7d2eb846
                                                                                                                                              • Instruction Fuzzy Hash: 57311934B002188FD759DFA8D4A8AAE7BF2BB89700F14406DE9069B3A4CB759C85DB50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7081775951278a05c4ae5c010e2f1f453e36a101d204a89278a876b5f1abfc37
                                                                                                                                              • Instruction ID: 9b2f686f3c98a0cc27331b89df08db138a81a651698b44fa3d6f98d10a8b16b4
                                                                                                                                              • Opcode Fuzzy Hash: 7081775951278a05c4ae5c010e2f1f453e36a101d204a89278a876b5f1abfc37
                                                                                                                                              • Instruction Fuzzy Hash: 884122B4E05218CBCB18CFA9E9846DDBBF2FF89310F14952AD416B7210D7345902CB64
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 44988d59b29b21e1e384b9361513ab888dfe3daa2114264efc7ccc1804dcb64d
                                                                                                                                              • Instruction ID: 75179bc19a6413b892ac3b3ca49589c6af2d5c8cb5f8c2dacde2b88103fcb786
                                                                                                                                              • Opcode Fuzzy Hash: 44988d59b29b21e1e384b9361513ab888dfe3daa2114264efc7ccc1804dcb64d
                                                                                                                                              • Instruction Fuzzy Hash: EE312530B043508FC725AB74A4591AD3BE3EFC5215318497ED846CBBA6DF789C8A8791
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 25e79f68f8fa60e88839d33c07ec0da3c0fd6292f3fad776376456134a67a27d
                                                                                                                                              • Instruction ID: 3835efde7623d8a2430cc39a7e4b874912b393f331d108530f28f4a72cd9a134
                                                                                                                                              • Opcode Fuzzy Hash: 25e79f68f8fa60e88839d33c07ec0da3c0fd6292f3fad776376456134a67a27d
                                                                                                                                              • Instruction Fuzzy Hash: 9531E7B4E042099FCB44CFA9D581AAEFBF1FF89300F1484AAD815A7754D338AA41CF61
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d452d499a734a145f38c8c606371aaca7c526178e4d8a56b21b5392b18cefaf1
                                                                                                                                              • Instruction ID: 25e0399111ea0dcba2232eb8dec6b146680acf4ed828ac4918caf2ee57887294
                                                                                                                                              • Opcode Fuzzy Hash: d452d499a734a145f38c8c606371aaca7c526178e4d8a56b21b5392b18cefaf1
                                                                                                                                              • Instruction Fuzzy Hash: C4319E31D2071A8BCB10AFB9C8006DDB371BF99324F25972AD50977240EB30B5D6CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ea0112aefd0d674489bda85e3478cf54d3c927241affd8794c60db44f69533f2
                                                                                                                                              • Instruction ID: 348122ec79928fb111bad10fcf85018cad6ae4a8a5a03ca0e136fd39934725f4
                                                                                                                                              • Opcode Fuzzy Hash: ea0112aefd0d674489bda85e3478cf54d3c927241affd8794c60db44f69533f2
                                                                                                                                              • Instruction Fuzzy Hash: 6B312934B006188FD769DF68D4A8AAE7BF2FF88710F14016DE506AB3A4CB759D81DB50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2067659ffe1be8236322197784c99cd1540f5ca8959983e2c1927450086b557f
                                                                                                                                              • Instruction ID: 3738d259b49fdf72eee18651d70a44e876427a6cbf03a18541d8d8709c1445af
                                                                                                                                              • Opcode Fuzzy Hash: 2067659ffe1be8236322197784c99cd1540f5ca8959983e2c1927450086b557f
                                                                                                                                              • Instruction Fuzzy Hash: 36315734920219EFCF01BFA5E8499DCBBB2FF48305F104929E611A3279DB366996DF50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 43785668f0fed417a0c7ab4073f13cc836b1ccb72b9e35b325bb9003f660c23f
                                                                                                                                              • Instruction ID: de2f69fc9a3fef4d09ac9d104619fed3e4033d8d44db71ea954a6ee48989ee0d
                                                                                                                                              • Opcode Fuzzy Hash: 43785668f0fed417a0c7ab4073f13cc836b1ccb72b9e35b325bb9003f660c23f
                                                                                                                                              • Instruction Fuzzy Hash: E031B5B4E046099FCB44CFAAD5809AEBBF1FF89300F10956AD819A7714D734AA41CF61
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393246862.0000000000F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F9D000, based on PE: false
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393246862.0000000000F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F9D000, based on PE: false
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393246862.0000000000F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F9D000, based on PE: false
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393246862.0000000000F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F9D000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_f9d000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393246862.0000000000F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F9D000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_f9d000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393246862.0000000000F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F9D000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_f9d000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 06302513bdc358c76cd3852f0f4164dec7b5098dc6a87067eba71f13996a7373
                                                                                                                                              • Instruction ID: ff17ae163431488315ec5d0d06a09827b3287fdcdb123d2a1b63ca8dfc90833f
                                                                                                                                              • Opcode Fuzzy Hash: 06302513bdc358c76cd3852f0f4164dec7b5098dc6a87067eba71f13996a7373
                                                                                                                                              • Instruction Fuzzy Hash: A0F0F975E006188FCB50DF69D8045DEBBF4FF88721B00492AD409E7340D7746A59CBD4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7841cff1d9981233bc394f72cd0313b5bd56e79ef5268b438ccb26fa1eb41c95
                                                                                                                                              • Instruction ID: d87d6581ff0492e7175dcffe464ce7be587b7e0a1bf92219e3d3dc6dcbeaab65
                                                                                                                                              • Opcode Fuzzy Hash: 7841cff1d9981233bc394f72cd0313b5bd56e79ef5268b438ccb26fa1eb41c95
                                                                                                                                              • Instruction Fuzzy Hash: CE014D76414224EFCF568F90CA44E94BFB2BF09310F4A81D5E2485B172C372CAA0EF00
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 77bcde97fb33a52f49a9480cc9455577619764312b2facf067b1328890db61ab
                                                                                                                                              • Instruction ID: 049cb08514af627a80398a1883a8b6a730ab874bb8d67a20caab7d7bfda28bf2
                                                                                                                                              • Opcode Fuzzy Hash: 77bcde97fb33a52f49a9480cc9455577619764312b2facf067b1328890db61ab
                                                                                                                                              • Instruction Fuzzy Hash: FCF0E532301A229FC3009F28D404C4DBBA9EF816253098159E4489B722CB20ED94C7D4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0f86a9c920a2370c8ceda582ea99f503af1b0a73c5a91d74358b38562c8d4056
                                                                                                                                              • Instruction ID: d766e449f1df3319406c378d3512c0af22fe6bb89d56a6e58e29a8c362df2da8
                                                                                                                                              • Opcode Fuzzy Hash: 0f86a9c920a2370c8ceda582ea99f503af1b0a73c5a91d74358b38562c8d4056
                                                                                                                                              • Instruction Fuzzy Hash: 46F08C709093489FCB42EBB8E85AACC7FB0EF06204F1085EAC440D7262D7311A49DB61
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1799c0f0b9df525e005964eefcb59156929b9a4ceb98b3220c101b3a007d7493
                                                                                                                                              • Instruction ID: 61aee1b1396079b584c71f9e78bf29a5fa6e7ab12ee42801a21bc9116142405b
                                                                                                                                              • Opcode Fuzzy Hash: 1799c0f0b9df525e005964eefcb59156929b9a4ceb98b3220c101b3a007d7493
                                                                                                                                              • Instruction Fuzzy Hash: 610192B4905369CFDB31DF69C8847DEBBB1BF0A304F1086E6C44966245C3309A80CF51
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 53bd1ef1c62c1bf02a1369642d985b2fc88e1fb96f5a539050fd9f5e6b324483
                                                                                                                                              • Instruction ID: 8606b7d14d286aee12756e5ec91ebce320b9d2ab9880c142c147c66ab89414dc
                                                                                                                                              • Opcode Fuzzy Hash: 53bd1ef1c62c1bf02a1369642d985b2fc88e1fb96f5a539050fd9f5e6b324483
                                                                                                                                              • Instruction Fuzzy Hash: B4E026323101246BC7147ABABC0485FBB5EEBC9239310493EF90983315DEB60C1983A0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0f2fb2714850a32fe1e751a69dce371c28b39f318a9e5da919f30d3348a61a75
                                                                                                                                              • Instruction ID: a6c4128ac82cb17f437e2910273e5e53e957c5f94eef610f8452becb2aa76118
                                                                                                                                              • Opcode Fuzzy Hash: 0f2fb2714850a32fe1e751a69dce371c28b39f318a9e5da919f30d3348a61a75
                                                                                                                                              • Instruction Fuzzy Hash: 22E06530100BA58BC720A73DE4096AEBBE6DBC521DF05092DD14687B25CBB5A84987D5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4b078c2c9030ac962b45eccc253e6589090e546d75ac5025dbd1c183e2e308e7
                                                                                                                                              • Instruction ID: 619cf68a9cfe7dbd6bfdb48b39d9ce6a1260a0d47bd5b70fc80ed2eca71ec114
                                                                                                                                              • Opcode Fuzzy Hash: 4b078c2c9030ac962b45eccc253e6589090e546d75ac5025dbd1c183e2e308e7
                                                                                                                                              • Instruction Fuzzy Hash: 61F05E7494A208CBDB58CB34C9806DDF776BF89349F2184AA940A7B364DB799942CE40
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8c6318d5640a574f937a4e7766231d5c0aae9d66d28369e595ab99c80afd4d40
                                                                                                                                              • Instruction ID: 9277b2185b140a8234fdda633d014c86bb76e226f6f79f45744eb52ee34b1011
                                                                                                                                              • Opcode Fuzzy Hash: 8c6318d5640a574f937a4e7766231d5c0aae9d66d28369e595ab99c80afd4d40
                                                                                                                                              • Instruction Fuzzy Hash: F7F0A570E0521C9FDB90EFE9D94169EBBF4FB48300F4085AAD418A3350E7745A458F91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f72190f6e5817a3a0831e96c9d2300b6a9810e944133b262b25146c37b5586a2
                                                                                                                                              • Instruction ID: 1a337bd634f73fea66cf5fa6b368649285d27fcd16fe3b0ccb9bfae1abc3a109
                                                                                                                                              • Opcode Fuzzy Hash: f72190f6e5817a3a0831e96c9d2300b6a9810e944133b262b25146c37b5586a2
                                                                                                                                              • Instruction Fuzzy Hash: 00E0C23260C3184F93469FA858202DE3FE2DE821A470608A7C048DFB90D9690D8983A1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 272ec164798aa97c3c08df9d975227fd45fe8a45053fcde347286083c68c1334
                                                                                                                                              • Instruction ID: b2d0200b73ae8f288adf4475992aa66ca68fba9296ee68daf7a4e978896de9d0
                                                                                                                                              • Opcode Fuzzy Hash: 272ec164798aa97c3c08df9d975227fd45fe8a45053fcde347286083c68c1334
                                                                                                                                              • Instruction Fuzzy Hash: 56F0ACB4D0021CDFCB54DFA8D9446ADBBF1FB49301F1045AAD81497310D7715A51DF95
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5635fed8b6c52436d3a3dcaae157a9090fa835439be5603b346b28b08449e956
                                                                                                                                              • Instruction ID: 3564ff8e5b5c8b0bcddf4bf4415576c4d5ba8c7bee15cd9024ab08bc35e0bc07
                                                                                                                                              • Opcode Fuzzy Hash: 5635fed8b6c52436d3a3dcaae157a9090fa835439be5603b346b28b08449e956
                                                                                                                                              • Instruction Fuzzy Hash: BBE017F4A1961E8FCBA0DF60CC84A9AB7F1EF49351F2092EA895DD2715D7344A81CF10
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7a8de1c74e3c94095a644f7533385d877dff169c4a7ab4502d5cb554ae42ae65
                                                                                                                                              • Instruction ID: 1fc7efd1b3ce6d6d5242dd4edd2b4fadbc6bd416787fbe7fbf0a9bc66484042f
                                                                                                                                              • Opcode Fuzzy Hash: 7a8de1c74e3c94095a644f7533385d877dff169c4a7ab4502d5cb554ae42ae65
                                                                                                                                              • Instruction Fuzzy Hash: D8D0C936A05B514F87548E6AA00009CBBE1AEC423535446AED165932E9C72458828B50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8e592c14d86af919b1c9ac7631ed22e170ba7407be55197304f2c7b613573356
                                                                                                                                              • Instruction ID: 0ed4d5618afdca5949c74c499c984e7c4a94833143f75e796f454b85f0269ac0
                                                                                                                                              • Opcode Fuzzy Hash: 8e592c14d86af919b1c9ac7631ed22e170ba7407be55197304f2c7b613573356
                                                                                                                                              • Instruction Fuzzy Hash: 89D017B495616ACBCB50DF21E980ECCB7B1FF88304F1099B4E109A2668EB386E40CF40
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: dab39b603d5027ad9a2d69916747e1c5251c27fc92cc67813956be8c406f0226
                                                                                                                                              • Instruction ID: f5bb2204e885e8aebeaaa75063208ea08cc52b96659ae0ee3b4cd7754567f9ae
                                                                                                                                              • Opcode Fuzzy Hash: dab39b603d5027ad9a2d69916747e1c5251c27fc92cc67813956be8c406f0226
                                                                                                                                              • Instruction Fuzzy Hash: 2EE06775819228CFCB249F30CA447DCBBB1BF19345F4085EAD84966250D3354B84CF10
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2fbb95084f6e95a9949738c9c4e172d27a61e9ebbf0e89b0e4570813a152f35f
                                                                                                                                              • Instruction ID: 8a88759d8aa945d4cf774637d6fc187e12ee8c09a28054ec4565c7a1df66c71b
                                                                                                                                              • Opcode Fuzzy Hash: 2fbb95084f6e95a9949738c9c4e172d27a61e9ebbf0e89b0e4570813a152f35f
                                                                                                                                              • Instruction Fuzzy Hash: D4C09B306586528FDB4246685C542943FF0DDD613631649F1C1C1DA521E25CCC8DC711
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f458f03200d8c36322b95ade08e9f36bddd03b4495ab1e074089ee9ee6966c51
                                                                                                                                              • Instruction ID: 5797cce2021f2d66d6624bec195b79f4e70a2ae9fa0539f9503389931dd6c118
                                                                                                                                              • Opcode Fuzzy Hash: f458f03200d8c36322b95ade08e9f36bddd03b4495ab1e074089ee9ee6966c51
                                                                                                                                              • Instruction Fuzzy Hash: E8C08CB080629ADB8B08CBD0C88806EBBB1FF6A321F10A8248046AE1B8D7308640CA04
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8da72a4b4dcd1884c9417bc1ab80ef4fceb58f9a6d44c1ef86f476b91d9f9e54
                                                                                                                                              • Instruction ID: 9c53c732d5f767b1ab11b900f9988e5bdd595239a99f1fe3c6358676ecc368b3
                                                                                                                                              • Opcode Fuzzy Hash: 8da72a4b4dcd1884c9417bc1ab80ef4fceb58f9a6d44c1ef86f476b91d9f9e54
                                                                                                                                              • Instruction Fuzzy Hash: D7B012F0804304C7C3045FD0A4D40E9B630F74B302F80D1E57047631508F354A40CA19
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: OuA$OuA
                                                                                                                                              • API String ID: 0-2167715611
                                                                                                                                              • Opcode ID: 94c7c247edc60afef065853b58a1c901b65282911e01619441c7118cde401d58
                                                                                                                                              • Instruction ID: d94d3c0e9556d3ae03d1f499d80a48e3b26a2b47db6651703aed7ccad3fe1501
                                                                                                                                              • Opcode Fuzzy Hash: 94c7c247edc60afef065853b58a1c901b65282911e01619441c7118cde401d58
                                                                                                                                              • Instruction Fuzzy Hash: 6B71B2B4E05609CFCB04CFEAD5815AEFBB2EF89310F14952AD415BB264DB349A42CF94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: (vfU$(vfU
                                                                                                                                              • API String ID: 0-673660724
                                                                                                                                              • Opcode ID: 21ea3b0b540c228f0b58d5c3761889ef58ef97be24942f66bea578754d851666
                                                                                                                                              • Instruction ID: ae7b834c324bce2779e18a2e960a0f4b465370afe28649c8dba7be69a9286ffd
                                                                                                                                              • Opcode Fuzzy Hash: 21ea3b0b540c228f0b58d5c3761889ef58ef97be24942f66bea578754d851666
                                                                                                                                              • Instruction Fuzzy Hash: 9161F2B4E152198FCB04CFA9D9805DEFBF2BF89210F24946AD445B7328E735AA418F64
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ARyc$ARyc
                                                                                                                                              • API String ID: 0-2649006402
                                                                                                                                              • Opcode ID: 9807243aa5dacb5698e7d7b3cad15d189185b9cfece5eb3dfcbaa9af263df5a9
                                                                                                                                              • Instruction ID: a5d98b0f1849b26e4e81ae2689373cf9286a2683a8cf0c567219b46591b4b235
                                                                                                                                              • Opcode Fuzzy Hash: 9807243aa5dacb5698e7d7b3cad15d189185b9cfece5eb3dfcbaa9af263df5a9
                                                                                                                                              • Instruction Fuzzy Hash: 6D41F7B4D0560ADFDB04CFAAC5805EEFBF2BB89300F24D46AD515B7214E7359A418FA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Zk
                                                                                                                                              • API String ID: 0-2300988056
                                                                                                                                              • Opcode ID: e81d0d1046545cc8af646e8135ea57b5484fef3d828f40bf1e6070e7599ea5a5
                                                                                                                                              • Instruction ID: f2ab9dc626d6364341219d4985525a3f2d55fc2661b99477181a91c920cbb41f
                                                                                                                                              • Opcode Fuzzy Hash: e81d0d1046545cc8af646e8135ea57b5484fef3d828f40bf1e6070e7599ea5a5
                                                                                                                                              • Instruction Fuzzy Hash: 05D1CD34B002158FDB15EBB8D854AAEBBF6FF89240B1480A9D506DB3A5DB34DC46CB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: MN
                                                                                                                                              • API String ID: 0-778139259
                                                                                                                                              • Opcode ID: 19012e7e7eac1422252d6c35c9b8b6bdcfdb34c8754061da1e16d8a98f245d40
                                                                                                                                              • Instruction ID: 47c12f0ba71f3061b62d85d33eeef4d4934d7816408484096200208f1d31de35
                                                                                                                                              • Opcode Fuzzy Hash: 19012e7e7eac1422252d6c35c9b8b6bdcfdb34c8754061da1e16d8a98f245d40
                                                                                                                                              • Instruction Fuzzy Hash: D681E3B4E14209DFCB44CFA9C98499EBBF1FF89310F15856AE455AB324D331AA42CF90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: MN
                                                                                                                                              • API String ID: 0-778139259
                                                                                                                                              • Opcode ID: 0da8636045fe2908d8ef81c0e5e1785051a5bcd2a5c9a738abb95b2bad18fd2d
                                                                                                                                              • Instruction ID: c071196103aefef4e4a3d5c1dd5b6ba93210a2f7f5350fafc916aed70d6917af
                                                                                                                                              • Opcode Fuzzy Hash: 0da8636045fe2908d8ef81c0e5e1785051a5bcd2a5c9a738abb95b2bad18fd2d
                                                                                                                                              • Instruction Fuzzy Hash: 9281C1B4E10209DFCB44CF99C98499EBBF1FF89310F24956AE455AB324D335AA42CF90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: j@>s
                                                                                                                                              • API String ID: 0-2374794816
                                                                                                                                              • Opcode ID: c163f1185e6fac9e7a539a1631c12dd1c81ebafa25626baf372143c0bc1d9ef1
                                                                                                                                              • Instruction ID: 4e716cc5ee6c38e866d414bf6d4eea1a17381b5eb91fa16e88e3618dbc5e9f22
                                                                                                                                              • Opcode Fuzzy Hash: c163f1185e6fac9e7a539a1631c12dd1c81ebafa25626baf372143c0bc1d9ef1
                                                                                                                                              • Instruction Fuzzy Hash: A471E0B4D0420ADFCB14CF9AD9809AEFBF2BF48350F14866AD455AB315C734A982CF95
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: j@>s
                                                                                                                                              • API String ID: 0-2374794816
                                                                                                                                              • Opcode ID: ee5595f7e95a68a361c250ce11096c449b3c1d3541ec9e0df5a1a52e82cff1cb
                                                                                                                                              • Instruction ID: 94185da7b0238acaa8433c5d25dab10bafcc7e209d112fcb063ef9c9cf5c84aa
                                                                                                                                              • Opcode Fuzzy Hash: ee5595f7e95a68a361c250ce11096c449b3c1d3541ec9e0df5a1a52e82cff1cb
                                                                                                                                              • Instruction Fuzzy Hash: 2A61E3B4D0420A9FCB54CFA9D8809AEFBB2FF48310F14866AD455A7315D734A942CF95
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: (vfU
                                                                                                                                              • API String ID: 0-1008215413
                                                                                                                                              • Opcode ID: 4a1948e32c6ba58fb903e2b236438ad377f1f558acf6a229b71b47773fecfe51
                                                                                                                                              • Instruction ID: 2093e11b0215c4fec061e3a208372a236186614713d906e691334bc989233295
                                                                                                                                              • Opcode Fuzzy Hash: 4a1948e32c6ba58fb903e2b236438ad377f1f558acf6a229b71b47773fecfe51
                                                                                                                                              • Instruction Fuzzy Hash: AB6104B4E052098FCB04CFA9D9805DEFBF2BF89210F24946AD445B7268E735AA41CF64
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ARyc
                                                                                                                                              • API String ID: 0-1200810183
                                                                                                                                              • Opcode ID: 222880576418246b3889960e60b327896f2a17e0245e67c93d57229055f72a57
                                                                                                                                              • Instruction ID: 37e926d46f2ebd68f75e452d47bdd9e0e1c2c42e9a6f59a98d3988e9b98b8618
                                                                                                                                              • Opcode Fuzzy Hash: 222880576418246b3889960e60b327896f2a17e0245e67c93d57229055f72a57
                                                                                                                                              • Instruction Fuzzy Hash: 8F4107B4E0564A9FCB04CFAAC5805EEFBF2BF8A300F24D46AD455B7214E7359A418F64
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.396259678.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1500000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9cef1a2cff5a42647f87d4d25fe177686e4aaffa2d78a80705177f372557e546
                                                                                                                                              • Instruction ID: 24684a3bb214e240a6fa1ff0c985fec2582178cfba687345e62f1f53b511acc7
                                                                                                                                              • Opcode Fuzzy Hash: 9cef1a2cff5a42647f87d4d25fe177686e4aaffa2d78a80705177f372557e546
                                                                                                                                              • Instruction Fuzzy Hash: 64E1B1347006159FD719DBB8C8A0A6EB7A7BFC9214F004569D50ACBBA5DF34EC86CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 25ffbf63afc455da2fa6a68883d06ce8050700c1252d31fe69f4ec176f94e381
                                                                                                                                              • Instruction ID: 82672610a759ac7d6d37c6d84dcbb8072d2e73d60415cdfc80fa36af56338781
                                                                                                                                              • Opcode Fuzzy Hash: 25ffbf63afc455da2fa6a68883d06ce8050700c1252d31fe69f4ec176f94e381
                                                                                                                                              • Instruction Fuzzy Hash: D7A18FB09002688FCB55DFA9D9D05ADFBB2FF85314F18C5A9D0849B32AD7349942CFA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.395864913.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_14b0000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 942dc988f9f161876d1c2318ec50529ba1a50aa92e18828cc492213153e90c1d
                                                                                                                                              • Instruction ID: e67d06ecad07fc2a6947023a813420daf541cf02d50d62f1ff3ce6f208d352cf
                                                                                                                                              • Opcode Fuzzy Hash: 942dc988f9f161876d1c2318ec50529ba1a50aa92e18828cc492213153e90c1d
                                                                                                                                              • Instruction Fuzzy Hash: 07914270E002499FDF14CFA9C9957DEBBF2AF88318F14852AE409B7364DB749845CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9826b7b720c7d4bcbc501e1cf3b91d5dcd7800c8a0fce74006bb40d62c85271d
                                                                                                                                              • Instruction ID: cc1b9da0f7fdad1e505cbb70a8cbaac665706c38a933814301d24d75ba5c8901
                                                                                                                                              • Opcode Fuzzy Hash: 9826b7b720c7d4bcbc501e1cf3b91d5dcd7800c8a0fce74006bb40d62c85271d
                                                                                                                                              • Instruction Fuzzy Hash: 3E914BB0E04228CFCB15CFA9D880A9DBBF2BF89314F14C5A9D415AB365D7349942CF50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: fa7b2d153246a037d6b10751245ca1437369e75b2c7b953d170ccdeeecbb1b56
                                                                                                                                              • Instruction ID: 28be0e467505609e3b7900c9fef69b0bf5ae43ca7ff2efd06c2024b9044fe251
                                                                                                                                              • Opcode Fuzzy Hash: fa7b2d153246a037d6b10751245ca1437369e75b2c7b953d170ccdeeecbb1b56
                                                                                                                                              • Instruction Fuzzy Hash: 11913EB0A005688FDB14DFA9D9C099DFBB2FF85304F24C669D459AB329D7349942CFA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 42abf72d02a01948b97b3d6f08043ff4f05d768c7dd000168fb8e65605b969c2
                                                                                                                                              • Instruction ID: 5df20244a497b569c1d19f7b723c0450869e31c65be6970e724a75a8fd4ff363
                                                                                                                                              • Opcode Fuzzy Hash: 42abf72d02a01948b97b3d6f08043ff4f05d768c7dd000168fb8e65605b969c2
                                                                                                                                              • Instruction Fuzzy Hash: 238128B4E10228CFDB54DFA9D980A9EFBF2BF88304F248569D409AB365DB349941CF50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.393754200.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1040000_PIptrFxrxR.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%