Windows Analysis Report
Reiven RFQ-27-05-2024.exe

Overview

General Information

Sample name: Reiven RFQ-27-05-2024.exe
Analysis ID: 1447832
MD5: 8696f9ebbc79cf408d4ff3a138719580
SHA1: 5dbcbf3c2d193ef88902e57a4959773d3a6e888d
SHA256: e0046a68adc340b6ae02f1c8924316dd2b914e38f80df71b3453e65d23d58999
Tags: exe, Formbook

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Reiven RFQ-27-05-2024.exe (PID: 1404 cmdline: "C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe" MD5: 8696F9EBBC79CF408D4FF3A138719580)
    • Reiven RFQ-27-05-2024.exe (PID: 5732 cmdline: "C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe" MD5: 8696F9EBBC79CF408D4FF3A138719580)
  • GrOcCQC.exe (PID: 2532 cmdline: "C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe" MD5: 8696F9EBBC79CF408D4FF3A138719580)
    • GrOcCQC.exe (PID: 3940 cmdline: "C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe" MD5: 8696F9EBBC79CF408D4FF3A138719580)
  • GrOcCQC.exe (PID: 7008 cmdline: "C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe" MD5: 8696F9EBBC79CF408D4FF3A138719580)
    • GrOcCQC.exe (PID: 3548 cmdline: "C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe" MD5: 8696F9EBBC79CF408D4FF3A138719580)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.medicalhome.com.pe", "Username": "info@medicalhome.com.pe", "Password": "MHinfo01"}
Source: 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp; Rule: JoeSecurity_AgentTesla_1; Description: Yara detected AgentTesla; Author: Joe Security
Source: 00000003.00000002.3328316664.0000000002A05000.00000004.00000800.00020000.00000000.sdmp; Rule: JoeSecurity_CredentialStealer; Description: Yara detected Credential Stealer; Author: Joe Security
Source: 00000003.00000002.3328316664.0000000002A05000.00000004.00000800.00020000.00000000.sdmp; Rule: JoeSecurity_AgentTesla_1; Description: Yara detected AgentTesla; Author: Joe Security
Source: 00000003.00000002.3328316664.0000000002A56000.00000004.00000800.00020000.00000000.sdmp; Rule: JoeSecurity_AgentTesla_1; Description: Yara detected AgentTesla; Author: Joe Security
Source: 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp; Rule: JoeSecurity_AgentTesla_1; Description: Yara detected AgentTesla; Author: Joe Security

Source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.unpack; Rule: JoeSecurity_CredentialStealer; Description: Yara detected Credential Stealer; Author: Joe Security
Source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.unpack; Rule: JoeSecurity_AgentTesla_1; Description: Yara detected AgentTesla; Author: Joe Security
Source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.unpack; Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID; Description: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen; Strings:
  • 0x329d2:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x32a44:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x32ace:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x32b60:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x32bca:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x32c3c:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x32cd2:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x32d62:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
Source: 0.2.Reiven RFQ-27-05-2024.exe.3eaee00.1.unpack; Rule: JoeSecurity_CredentialStealer; Description: Yara detected Credential Stealer; Author: Joe Security
Source: 0.2.Reiven RFQ-27-05-2024.exe.3eaee00.1.unpack; Rule: JoeSecurity_AgentTesla_1; Description: Yara detected AgentTesla; Author: Joe Security

System Summary

Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe, ProcessId: 5732, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GrOcCQC
Source: Network Connection; Author: frack113; Data: DestinationIp: 144.217.159.195, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe, Initiated: true, ProcessId: 5732, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49705
No Snort rule has matched

AV Detection

Source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.raw.unpack; Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.medicalhome.com.pe", "Username": "info@medicalhome.com.pe", "Password": "MHinfo01"}
Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; Virustotal: Detection: 55%
Source: Reiven RFQ-27-05-2024.exe; ReversingLabs: Detection: 31%
Source: Reiven RFQ-27-05-2024.exe; Virustotal: Detection: 55%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; Joe Sandbox ML: detected
Source: Reiven RFQ-27-05-2024.exe; Joe Sandbox ML: detected
Source: Reiven RFQ-27-05-2024.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Reiven RFQ-27-05-2024.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Yara match; File source: 0.2.Reiven RFQ-27-05-2024.exe.3eaee00.1.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.raw.unpack, type: UNPACKEDPE
Source: global traffic; TCP traffic: 192.168.2.6:49705 -> 144.217.159.195:587
Source: global traffic; HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Source: Joe Sandbox View; IP Address: 208.95.112.1
Source: Joe Sandbox View; IP Address: 144.217.159.195
Source: Joe Sandbox View; ASN Name: TUT-ASUS
Source: unknown; DNS query: name: ip-api.com
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: ip-api.com
Source: global traffic; DNS traffic detected: DNS query: mail.medicalhome.com.pe
Source: Reiven RFQ-27-05-2024.exe, GrOcCQC.exe.3.dr; String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: Reiven RFQ-27-05-2024.exe, GrOcCQC.exe.3.dr; String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: Reiven RFQ-27-05-2024.exe, GrOcCQC.exe.3.dr; String found in binary or memory: http://feeds.soundcloud.com/users/soundcloud:users:38128127/sounds.rss
Source: Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.00000000029EC000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.00000000030F1000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://ip-api.com
Source: Reiven RFQ-27-05-2024.exe, 00000000.00000002.2091795003.0000000003E3E000.00000004.00000800.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.00000000029EC000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.00000000030F1000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://ip-api.com/line/?fields=hosting
Source: Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://ip-api.com/line/?fields=hosting3
Source: Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://mail.medicalhome.com.pe
Source: Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://medicalhome.com.pe
Source: Reiven RFQ-27-05-2024.exe, GrOcCQC.exe.3.dr; String found in binary or memory: http://ocsp.comodoca.com0
Source: Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3344090669.0000000005E80000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3324292845.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.00000000013DF000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.000000000141C000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3344368416.00000000065B0000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.000000000143E000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://r3.i.lencr.org/03
Source: Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3344090669.0000000005E80000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3324292845.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.00000000013DF000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.000000000141C000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3344368416.00000000065B0000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.000000000143E000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://r3.o.lencr.org0
Source: Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.00000000029EC000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.00000000030F1000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Reiven RFQ-27-05-2024.exe, 00000003.00000002.3344814375.0000000006182000.00000004.00000020.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3344090669.0000000005E80000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3324292845.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3324292845.0000000000D74000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.00000000013DF000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.000000000141C000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.0000000001360000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://x1.c.lencr.org/0
Source: Reiven RFQ-27-05-2024.exe, 00000003.00000002.3344814375.0000000006182000.00000004.00000020.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3344090669.0000000005E80000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3324292845.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3324292845.0000000000D74000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.00000000013DF000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.000000000141C000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.0000000001360000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://x1.i.lencr.org/0
Source: Reiven RFQ-27-05-2024.exe, 00000000.00000002.2091795003.0000000003E3E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://account.dyn.com/
Source: Reiven RFQ-27-05-2024.exe, GrOcCQC.exe.3.dr; String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.raw.unpack, n00.cs; .Net Code: _3YCBU
Source: 0.2.Reiven RFQ-27-05-2024.exe.3eaee00.1.raw.unpack, n00.cs; .Net Code: _3YCBU

System Summary

Source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
Source: 0.2.Reiven RFQ-27-05-2024.exe.3eaee00.1.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
Source: 0.2.Reiven RFQ-27-05-2024.exe.3eaee00.1.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
Source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
Source: 0.2.Reiven RFQ-27-05-2024.exe.2c84900.0.raw.unpack, .cs; Large array initialization: array initializer size 27103
Source: 0.2.Reiven RFQ-27-05-2024.exe.72b0000.4.raw.unpack, .cs; Large array initialization: array initializer size 27103
Source: initial sample; Static PE information: Filename: Reiven RFQ-27-05-2024.exe
                    Source: Reiven RFQ-27-05-2024.exe; Static PE information: invalid certificate
                    Source: Reiven RFQ-27-05-2024.exe, 00000000.00000002.2091795003.0000000003E3E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameac48d4e1-996e-4f58-a425-6a9a2bc19947.exe4 vs Reiven RFQ-27-05-2024.exe
                    Source: Reiven RFQ-27-05-2024.exe, 00000000.00000002.2091795003.0000000003E3E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameTyrone.dll8 vs Reiven RFQ-27-05-2024.exe
                    Source: Reiven RFQ-27-05-2024.exe, 00000000.00000002.2091196729.0000000002C61000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Reiven RFQ-27-05-2024.exe
                    Source: Reiven RFQ-27-05-2024.exe, 00000000.00000002.2094006338.00000000072B0000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Reiven RFQ-27-05-2024.exe
                    Source: Reiven RFQ-27-05-2024.exe, 00000000.00000002.2094456581.00000000087E0000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameTyrone.dll8 vs Reiven RFQ-27-05-2024.exe
                    Source: Reiven RFQ-27-05-2024.exe, 00000000.00000002.2089088671.0000000000E3E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameclr.dllT vs Reiven RFQ-27-05-2024.exe
                    Source: Reiven RFQ-27-05-2024.exe, 00000003.00000002.3323955764.0000000000939000.00000004.00000010.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Reiven RFQ-27-05-2024.exe
                    Source: Reiven RFQ-27-05-2024.exe; Binary or memory string: OriginalFilenamezNKa.exeB vs Reiven RFQ-27-05-2024.exe
                    Source: Reiven RFQ-27-05-2024.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.3eaee00.1.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.3eaee00.1.raw.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.raw.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: Reiven RFQ-27-05-2024.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.raw.unpack, NpXw3kw.cs; Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.raw.unpack, NpXw3kw.cs; Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.raw.unpack, gyfrCFT5x9I.cs; Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.raw.unpack, fpnV0Qjz.cs; Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.405e740.3.raw.unpack, P4KdTDTBvmf8mLrGWD.cs; Security API names: _0020.SetAccessControl
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.405e740.3.raw.unpack, P4KdTDTBvmf8mLrGWD.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.405e740.3.raw.unpack, P4KdTDTBvmf8mLrGWD.cs; Security API names: _0020.AddAccessRule
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, P4KdTDTBvmf8mLrGWD.cs; Security API names: _0020.SetAccessControl
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, P4KdTDTBvmf8mLrGWD.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, P4KdTDTBvmf8mLrGWD.cs; Security API names: _0020.AddAccessRule
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, ShJNeJ5woXxHDCbUPp.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.405e740.3.raw.unpack, ShJNeJ5woXxHDCbUPp.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engine; Classification label: mal100.troj.spyw.evad.winEXE@9/4@2/2
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe; File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Reiven RFQ-27-05-2024.exe.log
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; Mutant created: NULL
                    Source: Reiven RFQ-27-05-2024.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Reiven RFQ-27-05-2024.exe; Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe; File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: Reiven RFQ-27-05-2024.exe; ReversingLabs: Detection: 31%
                    Source: Reiven RFQ-27-05-2024.exe; Virustotal: Detection: 55%
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe; File read: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe:Zone.Identifier
                    Source: unknown; Process created: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe "C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe"
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe; Process created: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe "C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe"
                    Source: unknown; Process created: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe "C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; Process created: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe "C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
                    Source: unknown; Process created: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe "C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; Process created: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe "C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe; Process created: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe "C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe"
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; Process created: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe "C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe; Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, textshaping.dll, windowscodecs.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, sspicli.dll, propsys.dll
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe; Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wbemcomn.dll, amsi.dll, userenv.dll, sspicli.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, ntmarta.dll, vaultcli.dll, wintypes.dll, secur32.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, textshaping.dll, windowscodecs.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, sspicli.dll, propsys.dll
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wbemcomn.dll, amsi.dll, userenv.dll, sspicli.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, vaultcli.dll, wintypes.dll, secur32.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe; Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, textshaping.dll, windowscodecs.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, sspicli.dll, propsys.dll
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: Reiven RFQ-27-05-2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Reiven RFQ-27-05-2024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    Source: Reiven RFQ-27-05-2024.exe, Form1.cs .Net Code: InitializeComponent System.AppDomain.Load(byte[])
                    Source: Reiven RFQ-27-05-2024.exe, Form1.cs .Net Code: InitializeComponent contains xor as well as GetObject
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, P4KdTDTBvmf8mLrGWD.cs .Net Code: MHRV8BRRTS System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.405e740.3.raw.unpack, P4KdTDTBvmf8mLrGWD.cs .Net Code: MHRV8BRRTS System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.2c84900.0.raw.unpack, .cs .Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.72b0000.4.raw.unpack, .cs .Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Code function: 0_2_0127F112 push esp; iretd 0_2_0127F119
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Code function: 0_2_0127F110 pushad ; iretd 0_2_0127F111
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Code function: 0_2_05207538 push eax; mov dword ptr [esp], ecx 0_2_0520753C
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Code function: 3_2_00EEF590 push eax; retn 0624h 3_2_00EEF629
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Code function: 3_2_00EEF62C push eax; retn 0624h 3_2_00EEF629
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Code function: 3_2_06294A50 push 640639DAh; iretd 3_2_06294A5D
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Code function: 4_2_00A4F110 pushad ; iretd 4_2_00A4F111
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Code function: 6_2_0104F450 push eax; retn 064Ah 6_2_0104F4F9
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Code function: 6_2_064F57E0 push es; ret 6_2_064F57F0
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Code function: 7_2_0123F110 pushad ; iretd 7_2_0123F111
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Code function: 8_2_0160F450 push eax; retn 06BDh 8_2_0160F4F9
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Code function: 8_2_06C257EF push es; ret 8_2_06C257F0
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Code function: 8_2_06C21E43 push edi; ret 8_2_06C21E52
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Code function: 8_2_06C21F05 push esi; ret 8_2_06C21F06
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Code function: 8_2_07130E28 push cs; ret 8_2_07130E36
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Code function: 8_2_07132D98 push cs; ret 8_2_07132DA6
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Code function: 8_2_071311BF push es; ret 8_2_071311C0
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Code function: 8_2_071311D0 push es; ret 8_2_071311DE
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Code function: 8_2_07130DCB push cs; ret 8_2_07130E36
                    Source: Reiven RFQ-27-05-2024.exe Static PE information: section name: .text entropy: 7.979508501795828
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, VT7u85EPcyxFxht16X.cs High entropy of concatenated method names: 'ToString', 'mnicltypn6', 'HQgci1aBQc', 'V7HcfjBpCG', 'tXwcxd1siI', 'RTkcNSLlAB', 'lVUc3Y12ms', 'KW5cheTPlC', 'REac4LbFtb', 'Vt4cdrXUpU'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, Dyo3o0CjnKg05IjRlK.cs High entropy of concatenated method names: 'IDD8Cd3NI', 'NwQuhlZRx', 'Xsv9b60Ig', 'RLAPxdQZF', 'r7NwSQmcv', 'HiZAWdaxj', 'UoWgII3SwUx3nv6JoS', 'UIGhTGRoppJdEOBmou', 'zTqHV0dIO', 'FhJCeqE32'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, AERr51V6NUta2MiOZ5P.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vm1CUcJX5x', 'v9GCLc08bu', 'STKCvjuLlo', 'ji1CnE2BDa', 's28CJ2A0I3', 'gF6Cgv9p24', 'brGCqCRpWj'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, UfgY1ruWlio2rsgwZZ.cs High entropy of concatenated method names: 'X4vHp3RuRe', 'YdUHOIe7hT', 'vWRHbfVL2w', 'rpeHDdCBuL', 'S2QHkiuxFd', 'FEZHjOxWQI', 'UmeHZCdLen', 'sUsH0ndGXx', 'x2eHFahZFh', 'tYLH5Psyvg'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, guvmcKet70gVvaXhNS.cs High entropy of concatenated method names: 'ic2HeBKBT7', 'k6yHintgYb', 'gilHfB3MZw', 'YURHxgdaEh', 'ggnHUCrJHu', 'LZuHNJp6N9', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, P4KdTDTBvmf8mLrGWD.cs High entropy of concatenated method names: 's9Z6swXfdX', 'lxr6pdLyDJ', 'ER36OuCUwR', 'LPH6bcq75S', 'aVI6DxRueD', 'kEL6kTiGxC', 'MB76jRbw7c', 'ENI6Zbv6LB', 'WR160QbKkB', 'fj96FIxlJr'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, c9EPPpoJp9IOiyOxSO.cs High entropy of concatenated method names: 'LlHDMDuXuG', 'sfVDPQoyW3', 'Y6vbfHdMbO', 'm2jbx3Hi89', 'lJHbNnvY2k', 'smqb3ti04y', 'cHEbhkUo1T', 'xnxb4llBqZ', 'BFebd4c0va', 'TRBbRabtye'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, ivhM9fVQvSFUERDvrat.cs High entropy of concatenated method names: 'geNTEtp75d', 'vvVTyw0rMK', 'IewT8reV4r', 'RrrTu28Du7', 'EbDTMlDTS7', 'Fv8T9iPDk9', 'CcBTPZuWeL', 'Wj0TXKSglc', 'lnRTwu2ASx', 'AsFTAWywYM'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, rwDUsR9pO3MhVwGISd.cs High entropy of concatenated method names: 'RHnksgKukK', 'nlGkOkLS77', 'GDPkDkoF6G', 'ibukjSqolU', 'QRTkZyoauJ', 'ynuDJ0xFQS', 'H6FDgTNKS8', 'h8rDqlWQw5', 'wq3DKjwDx5', 'cl2DYLgM2M'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, yQMqXFPtsP075MpgE6.cs High entropy of concatenated method names: 'Dispose', 'vAEWYYSrL2', 'dHoBiIeeiv', 'C0ZSSsCcIT', 'qEXWorGcKq', 'PtNWz5Yqu6', 'ProcessDialogKey', 'WNABQNTaON', 's4DBWVg5XP', 'irOBBc1ME4'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, SEmrleGJEyqXHgs1g4.cs High entropy of concatenated method names: 'TCXrXEdD5D', 'ilOrw4v0Zc', 'B7preHP8WL', 'Cr4ri3CayK', 'leurxe10h0', 'QdWrNV7uZI', 'hNwrhoUtNX', 'W6Gr4STL3r', 'V9QrR9C51V', 'zborl0j3rw'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, gBDvjAH2DoZAb4aD0e.cs High entropy of concatenated method names: 'tNtjEkYmdo', 'XdUjyTNPR2', 'cttj8AAVOD', 'aXLjuQG0SA', 'mOkjMhT7Jc', 'O65j9wB2gr', 'rD3jPBWmTP', 'GG6jXrbUxU', 't6UjwWmxDa', 'VRHjAe5NPV'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, ignCQygyEo9ouYrrrQ.cs High entropy of concatenated method names: 'yXxtKnWr5h', 'p12totxfrx', 'GZqHQK2Fej', 'oxCHWODSMn', 'idjtlPE7nM', 'ToQt7xo7O2', 'iZpta6xqTr', 'GdKtUfrbhZ', 'SnptL4rtwf', 'nNatvcQW0E'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, ReVfZx0ugCj74bfC63.cs High entropy of concatenated method names: 'lyqtFHCays', 'RbXt5H0iM6', 'ToString', 'jrotpUsjVT', 'nNItOKodTI', 'KertbOtP2D', 'qb9tDQX3n4', 'CaOtkrCmCV', 'XFptjxgyLw', 'Dh8tZEfcE0'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, G7WrotiTcmyOUhugbw.cs High entropy of concatenated method names: 'O2mWj3KumO', 'bnCWZND0VI', 'j1oWF6LxgY', 'dihW5q9Ub9', 'wRiWIVf3mV', 'IUGWciGlVd', 'Gk7C3bUZgRo3PCRK8d', 'HtYLCNmCDFhxl9o9FI', 'NYqWW72Wc1', 'CoYW6AOwXe'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, SZ1ENUql6y3pgYG1WV.cs High entropy of concatenated method names: 'TBwIRdDUvx', 'iTAI7qRnmR', 'o1mIUrHoZI', 'ajwIL1XEuB', 'x01IiLMV0P', 'xDuIfeACGe', 'jjLIxux4Nv', 'ygPINHYuac', 'Oc3I3tYBcd', 'zojIhhaXnC'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, rvRaEEwXRaQqPMRw1I.cs High entropy of concatenated method names: 'fcsTWQG4VV', 'JHyT6egxaR', 'bvNTVl9JQS', 'tYMTpcpH55', 'gCMTOC42bm', 'QSaTDYx0OH', 'lXNTkextCU', 'uW1HqaTxI5', 'SmxHKoi21s', 'aGGHYV1g42'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, ShJNeJ5woXxHDCbUPp.cs High entropy of concatenated method names: 'sH2OUKfjqZ', 'mMUOLa067S', 'XmwOvXy677', 'UBZOn6HOOB', 'UWHOJA158K', 'Tv1Og0re5V', 'hw2OqoDAmD', 'oGNOKVyib8', 'VqXOYnm4D4', 'uVqOoqLitS'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, BdoLQSZw3jBOqXvgae.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'B8HBYP5nAx', 'YVwBogUy5P', 'k3DBz9hwFR', 'TJb6QoP7Pm', 'mD76Wy1r30', 'hE46BEkKWQ', 'hNB66Mtikc', 'PBtckAkF8Ry8wNShMeP'
                    Source: 0.2.Reiven RFQ-27-05-2024.exe.87e0000.7.raw.unpack, NLcbcOvujMkjYjiFrg.cs High entropy of concatenated method names: 'JsSbu7d4Yb', 'JZ5b9Y2dfF', 'OopbXmUflu', 'KIbbwW9E3e', 'SVobIG6dHP', 'wipbc7iMf3', 'PVCbtupnxH', 'H12bHP4ikM', 'SsBbTjJkVm', 'tMMbCc8Xmc'
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe File created: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe (dropped file)
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run GrOcCQC

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe File opened: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe:Zone.Identifier read attributes | delete
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match | File source: Process Memory Space: Reiven RFQ-27-05-2024.exe PID: 1404, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: GrOcCQC.exe PID: 2532, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: GrOcCQC.exe PID: 7008, type: MEMORYSTR
                    Source: global traffic | HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 | Host: ip-api.com | Connection: Keep-Alive
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: Reiven RFQ-27-05-2024.exe, 00000000.00000002.2091795003.0000000003E3E000.00000004.00000800.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.0000000002A05000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.0000000002A15000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.0000000003125000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Memory allocated: 1230000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Memory allocated: 2C60000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Memory allocated: 2A60000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Memory allocated: 8C00000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Memory allocated: 9C00000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Memory allocated: 9E00000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Memory allocated: AE00000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Memory allocated: EE0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Memory allocated: 29D0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Memory allocated: 2800000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Memory allocated: A40000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Memory allocated: 2720000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Memory allocated: CF0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Memory allocated: 7F90000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Memory allocated: 8F90000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Memory allocated: 9170000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Memory allocated: A170000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Memory allocated: ED0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeMemory allocated: 29E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeMemory allocated: 49E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeMemory allocated: F60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeMemory allocated: 2A90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeMemory allocated: 2870000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeMemory allocated: 8590000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeMemory allocated: 9590000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeMemory allocated: 9780000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeMemory allocated: A780000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeMemory allocated: 1600000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeMemory allocated: 30F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeMemory allocated: 1630000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeWindow / User API: threadDelayed 912Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeWindow / User API: threadDelayed 3566Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeWindow / User API: threadDelayed 2205Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeWindow / User API: threadDelayed 780Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeWindow / User API: threadDelayed 444Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeWindow / User API: threadDelayed 2742Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3548Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -9223372036854770s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 4088Thread sleep count: 912 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -99874s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 4088Thread sleep count: 3566 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -99765s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -99656s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -99546s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -99437s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -99328s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -99218s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -99109s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -98996s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -98890s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -98781s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -98668s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -98562s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -98453s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -98343s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -98233s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -98125s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -98015s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -97906s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -97796s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -97687s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe TID: 3896Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 5680Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -11068046444225724s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 5928Thread sleep count: 2205 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -99890s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 5928Thread sleep count: 780 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -99777s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -99672s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -99559s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -99453s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -99287s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -99146s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -99016s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -98906s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -98796s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -98687s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -98577s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -98469s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -98344s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3640Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 828Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -8301034833169293s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 1836Thread sleep count: 444 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 1836Thread sleep count: 2742 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -99890s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -99781s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -99672s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -99563s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -99438s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -99313s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -99203s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -99094s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -98953s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -98844s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -98734s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -98625s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -98516s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -98406s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -98297s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe TID: 3080Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 99874Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 99765Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 99656Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 99546Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 99437Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 99328Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 99218Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 99109Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 98996Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 98890Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 98781Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 98668Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 98562Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 98453Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 98343Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 98233Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 98125Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 98015Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 97906Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 97796Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 97687Jump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99890Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99777Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99672Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99559Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99453Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99287Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99146Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99016Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 98906Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 98796Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 98687Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 98577Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 98469Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 98344Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99890Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99781Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99672Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99563Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99438Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99313Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99203Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 99094Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 98953Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 98844Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 98734Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 98625Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 98516Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 98406Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 98297Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: GrOcCQC.exe, 00000006.00000002.3344090669.0000000005E80000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllYP
                    Source: GrOcCQC.exe, 00000008.00000002.3328584752.0000000003125000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
                    Source: Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllz
                    Source: GrOcCQC.exe, 00000008.00000002.3328584752.0000000003125000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
                    Source: Reiven RFQ-27-05-2024.exe, 00000000.00000002.2091795003.0000000003E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMwareVBoxESelect * from Win32_ComputerSystem
                    Source: GrOcCQC.exe, 00000008.00000002.3324461460.000000000143E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Code function: 3_2_00EE70E0 CheckRemoteDebuggerPresent,3_2_00EE70E0
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Memory written: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Memory written: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Memory written: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe Process created: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe "C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe"
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Process created: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe "C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe Process created: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe "C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeQueries volume information: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Queries volume information: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Queries volume information: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match | File source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.Reiven RFQ-27-05-2024.exe.3eaee00.1.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.Reiven RFQ-27-05-2024.exe.3eaee00.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000003.00000002.3328316664.0000000002A05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000003.00000002.3328316664.0000000002A56000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000006.00000002.3329095685.0000000002A15000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000006.00000002.3329095685.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000008.00000002.3328584752.0000000003176000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000008.00000002.3328584752.0000000003125000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2091795003.0000000003E3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: Reiven RFQ-27-05-2024.exe PID: 1404, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: Reiven RFQ-27-05-2024.exe PID: 5732, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: GrOcCQC.exe PID: 3940, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: GrOcCQC.exe PID: 3548, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                    Remote Access Functionality

                    Source: Yara match | File source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.Reiven RFQ-27-05-2024.exe.3eaee00.1.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.Reiven RFQ-27-05-2024.exe.3eaee00.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.Reiven RFQ-27-05-2024.exe.3e3e5e0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000003.00000002.3328316664.0000000002A05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000003.00000002.3328316664.0000000002A56000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000006.00000002.3329095685.0000000002A15000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000006.00000002.3329095685.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000008.00000002.3328584752.0000000003176000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000008.00000002.3328584752.0000000003125000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2091795003.0000000003E3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: Reiven RFQ-27-05-2024.exe PID: 1404, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: Reiven RFQ-27-05-2024.exe PID: 5732, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: GrOcCQC.exe PID: 3940, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: GrOcCQC.exe PID: 3548, type: MEMORYSTR
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 231 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 34 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 2 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 631 Security Software Discovery | Distributed Component Object Model | 1 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 12 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 261 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 261 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                    [Behavior graph: ID 1447832, Sample: Reiven RFQ-27-05-2024.exe, Start date: 27/05/2024, Architecture: WINDOWS, Score: 100]

                    Source | Detection | Scanner | Label | Link
                    Reiven RFQ-27-05-2024.exe | 32% | ReversingLabs | ByteCode-MSIL.Trojan.Barys |
                    Reiven RFQ-27-05-2024.exe | 55% | Virustotal | | Browse
                    Reiven RFQ-27-05-2024.exe | 100% | Joe Sandbox ML | |

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | 32% | ReversingLabs | ByteCode-MSIL.Trojan.Barys |
                    C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe | 55% | Virustotal | | Browse

                    No Antivirus matches

                    Source | Detection | Scanner | Label | Link
                    ip-api.com | 0% | Virustotal | | Browse
                    medicalhome.com.pe | 0% | Virustotal | | Browse
                    mail.medicalhome.com.pe | 2% | Virustotal | | Browse

                    Source | Detection | Scanner | Label | Link
                    https://account.dyn.com/ | 0% | URL Reputation | safe |
                    http://x1.c.lencr.org/0 | 0% | URL Reputation | safe |
                    http://x1.i.lencr.org/0 | 0% | URL Reputation | safe |
                    http://ip-api.com | 0% | URL Reputation | safe |
                    http://r3.o.lencr.org0 | 0% | URL Reputation | safe |
                    http://r3.o.lencr.org0 | 0% | URL Reputation | safe |
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | 0% | URL Reputation | safe |
                    http://ip-api.com/line/?fields=hosting | 0% | URL Reputation | safe |
                    http://ip-api.com/line/?fields=hosting3 | 0% | Avira URL Cloud | safe |
                    http://r3.i.lencr.org/03 | 0% | Avira URL Cloud | safe |
                    http://mail.medicalhome.com.pe | 0% | Avira URL Cloud | safe |
                    http://feeds.soundcloud.com/users/soundcloud:users:38128127/sounds.rss | 0% | Avira URL Cloud | safe |
                    http://r3.i.lencr.org/03 | 0% | Virustotal | | Browse
                    http://medicalhome.com.pe | 0% | Avira URL Cloud | safe |
                    http://mail.medicalhome.com.pe | 2% | Virustotal | | Browse
                    http://medicalhome.com.pe | 0% | Virustotal | | Browse
                    http://feeds.soundcloud.com/users/soundcloud:users:38128127/sounds.rss | 0% | Virustotal | | Browse
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    ip-api.com | 208.95.112.1 | true | true | | unknown
                    medicalhome.com.pe | 144.217.159.195 | true | false | | unknown
                    mail.medicalhome.com.pe | unknown | unknown | true | | unknown

                    Name | Malicious | Antivirus Detection | Reputation
                    http://ip-api.com/line/?fields=hosting | false | URL Reputation: safe | unknown

                    Name | Source | Malicious | Antivirus Detection | Reputation
                    http://mail.medicalhome.com.pe | Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp | false | 2%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                    http://ip-api.com/line/?fields=hosting3 | Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://account.dyn.com/ | Reiven RFQ-27-05-2024.exe, 00000000.00000002.2091795003.0000000003E3E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://x1.c.lencr.org/0 | Reiven RFQ-27-05-2024.exe, 00000003.00000002.3344814375.0000000006182000.00000004.00000020.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3344090669.0000000005E80000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3324292845.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3324292845.0000000000D74000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.00000000013DF000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.000000000141C000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.0000000001360000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://x1.i.lencr.org/0 | Reiven RFQ-27-05-2024.exe, 00000003.00000002.3344814375.0000000006182000.00000004.00000020.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3344090669.0000000005E80000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3324292845.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3324292845.0000000000D74000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.00000000013DF000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.000000000141C000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.0000000001360000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://r3.i.lencr.org/03 | Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3344090669.0000000005E80000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3324292845.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.00000000013DF000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.000000000141C000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3344368416.00000000065B0000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.000000000143E000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                    http://ip-api.com | Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.00000000029EC000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.00000000030F1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://r3.o.lencr.org0 | Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, Reiven RFQ-27-05-2024.exe, 00000003.00000002.3324165254.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3344090669.0000000005E80000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3324292845.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.00000000013DF000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.000000000141C000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3344368416.00000000065B0000.00000004.00000020.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3324461460.000000000143E000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe; URL Reputation: safe | unknown
                    http://medicalhome.com.pe | Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                    http://feeds.soundcloud.com/users/soundcloud:users:38128127/sounds.rss | Reiven RFQ-27-05-2024.exe, GrOcCQC.exe.3.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Reiven RFQ-27-05-2024.exe, 00000003.00000002.3328316664.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000006.00000002.3329095685.00000000029EC000.00000004.00000800.00020000.00000000.sdmp, GrOcCQC.exe, 00000008.00000002.3328584752.00000000030F1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | Reiven RFQ-27-05-2024.exe, GrOcCQC.exe.3.dr | false | URL Reputation: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | true
144.217.159.195 | medicalhome.com.pe | Canada | 16276 | OVHFR | false
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1447832
                    Start date and time:2024-05-27 08:59:09 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 8m 45s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:11
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:Reiven RFQ-27-05-2024.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@9/4@2/2
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 98%
                    • Number of executed functions: 494
                    • Number of non-executed functions: 10
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size exceeded maximum capacity and may have missing disassembly code.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
02:59:54 | API Interceptor | 23x Sleep call for process: Reiven RFQ-27-05-2024.exe modified
03:00:09 | API Interceptor | 33x Sleep call for process: GrOcCQC.exe modified
09:00:00 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run GrOcCQC C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
09:00:08 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run GrOcCQC C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
208.95.112.1 | ev1NIvTd6f.exe | malicious | Unknown | /json/
208.95.112.1 | https://mega.nz/file/wncXiYhZ#ABJEpmoiGH0hIeVVKQy7V_ALtGclDnJ4rFrDjwZ8kDE | malicious | DCRat | ip-api.com/line/?fields=hosting
208.95.112.1 | uChcvn3L6R.exe | malicious | DCRat | ip-api.com/line/?fields=hosting
208.95.112.1 | uChcvn3L6R.exe | malicious | DCRat | ip-api.com/line/?fields=hosting
208.95.112.1 | SecuriteInfo.com.FileRepMalware.1834.13764.exe | malicious | Discord Token Stealer, XWorm | ip-api.com/line/?fields=hosting
208.95.112.1 | NFs_468.msi | malicious | VMdetect | ip-api.com/json/
208.95.112.1 | z23mypdfscanner-invoice3535.bat | malicious | AgentTesla | ip-api.com/line/?fields=hosting
208.95.112.1 | 2aFb7hE00o.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
208.95.112.1 | documentos.xlam.xlsx | malicious | AgentTesla | ip-api.com/line/?fields=hosting
208.95.112.1 | 6743.pdf.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
144.217.159.195 | MOLEX 436500304-10000.exe | malicious | AgentTesla |
144.217.159.195 | DA14680-01F08A92 24K.exe | malicious | AgentTesla |
144.217.159.195 | SKIIP 83EC125T1 22-0-05-24RQ.vbs | malicious | AgentTesla, GuLoader |
144.217.159.195 | Purchase Order - PO24108267.vbs | malicious | AgentTesla, GuLoader |
144.217.159.195 | TYPE_C_31_M_12 TAMAR 25.4.2024.exe | malicious | AgentTesla |
144.217.159.195 | Xg0ZBjPKvb.exe | malicious | AgentTesla |
144.217.159.195 | assento 555 pro-Model-2.vbs | malicious | AgentTesla, GuLoader |
144.217.159.195 | FLUKE 810 vibration Tester.vbs | malicious | AgentTesla, GuLoader |
144.217.159.195 | PIC12F1501-ESN MICROCHIP#U00a050000PCS.vbs | malicious | AgentTesla, GuLoader |
144.217.159.195 | HISHI PLATE 102E_Salan PVC Welding Rod.vbs | malicious | AgentTesla, GuLoader |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
ip-api.com | ev1NIvTd6f.exe | malicious | Unknown | 208.95.112.1
ip-api.com | https://mega.nz/file/wncXiYhZ#ABJEpmoiGH0hIeVVKQy7V_ALtGclDnJ4rFrDjwZ8kDE | malicious | DCRat | 208.95.112.1
ip-api.com | uChcvn3L6R.exe | malicious | DCRat | 208.95.112.1
ip-api.com | uChcvn3L6R.exe | malicious | DCRat | 208.95.112.1
ip-api.com | SecuriteInfo.com.FileRepMalware.1834.13764.exe | malicious | Discord Token Stealer, XWorm | 208.95.112.1
ip-api.com | NFs_468.msi | malicious | VMdetect | 208.95.112.1
ip-api.com | z23mypdfscanner-invoice3535.bat | malicious | AgentTesla | 208.95.112.1
ip-api.com | 2aFb7hE00o.exe | malicious | AgentTesla | 208.95.112.1
ip-api.com | documentos.xlam.xlsx | malicious | AgentTesla | 208.95.112.1
ip-api.com | 6743.pdf.exe | malicious | AgentTesla | 208.95.112.1
Match | Associated Sample Name / URL | Detection | Threat Name | Context
OVHFR | https://uncovered-fragrant-climb.glitch.me/public/eleventy.js.html | malicious | HTMLPhisher | 54.36.150.183
OVHFR | cVxP229sNF.elf | malicious | Unknown | 54.38.100.56
OVHFR | ZVQBodhgp1.elf | malicious | Mirai, Moobot | 178.32.95.200
OVHFR | boost.exe | malicious | NovaSentinel | 151.80.29.83
OVHFR | SecuriteInfo.com.Win64.Malware-gen.22846.13203.exe | malicious | Unknown | 51.79.185.26
OVHFR | SecuriteInfo.com.Win64.Malware-gen.22846.13203.exe | malicious | Unknown | 51.79.185.26
OVHFR | la.bot.arm7.elf | malicious | Unknown | 51.178.83.31
OVHFR | http://delicious-decorous-army.glitch.me/public/RRENFCONL0.HTML | malicious | HTMLPhisher | 54.36.150.187
OVHFR | https://bitly.cx/LmuIz | malicious | Unknown | 51.38.157.251
OVHFR | https://steamcomnumitly.com/get/spring/afaFJ4a/50 | malicious | Unknown | 51.38.157.251
TUT-ASUS | ev1NIvTd6f.exe | malicious | Unknown | 208.95.112.1
TUT-ASUS | https://mega.nz/file/wncXiYhZ#ABJEpmoiGH0hIeVVKQy7V_ALtGclDnJ4rFrDjwZ8kDE | malicious | DCRat | 208.95.112.1
TUT-ASUS | uChcvn3L6R.exe | malicious | DCRat | 208.95.112.1
TUT-ASUS | uChcvn3L6R.exe | malicious | DCRat | 208.95.112.1
TUT-ASUS | SecuriteInfo.com.FileRepMalware.1834.13764.exe | malicious | Discord Token Stealer, XWorm | 208.95.112.1
TUT-ASUS | NFs_468.msi | malicious | VMdetect | 208.95.112.1
TUT-ASUS | z23mypdfscanner-invoice3535.bat | malicious | AgentTesla | 208.95.112.1
TUT-ASUS | 2aFb7hE00o.exe | malicious | AgentTesla | 208.95.112.1
TUT-ASUS | documentos.xlam.xlsx | malicious | AgentTesla | 208.95.112.1
TUT-ASUS | 6743.pdf.exe | malicious | AgentTesla | 208.95.112.1
                                        No context
                                        No context
                                        Process:C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1216
                                        Entropy (8bit):5.34331486778365
                                        Encrypted:false
                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                        Malicious:false
                                        Reputation:high, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                        Process:C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1216
                                        Entropy (8bit):5.34331486778365
                                        Encrypted:false
                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                        Malicious:false
                                        Reputation:high, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                        Process:C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):890376
                                        Entropy (8bit):7.97474104992609
                                        Encrypted:false
                                        SSDEEP:12288:xuArYCFd6x8x6LIfFg2Lj1+IQmLoaZC3+t+1Cz/ZE6rjl6h9UjYYOcvHRS1BFLtH:p81x7LYgQ6mXMMD/frjlpnPvHItthTF
                                        MD5:8696F9EBBC79CF408D4FF3A138719580
                                        SHA1:5DBCBF3C2D193EF88902E57A4959773D3A6E888D
                                        SHA-256:E0046A68ADC340B6AE02F1C8924316DD2B914E38F80DF71B3453E65D23D58999
                                        SHA-512:9F5143EE3B2E0CF5D403E53F48A5A8F9AD08C781E773797DC293D1A7F87A9A336910E7B1BB8589E40B8020B9257C8F509E81B23D09F8B00883977570F098AEB1
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 32%
                                        • Antivirus: Virustotal, Detection: 55%, Browse
                                        Reputation:low
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Sf..............0..@..........._... ...`....@.. ....................................@..................................^..O....`...............`...6........................................................... ............... ..H............text... ?... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............^..............@..B.................^......H........S...<......D......................................................}.....(.......(......{.....o.....*....0...........s#.....o.....*..0..F.........{....o....(....-..{....o.......+....,...{....o......+..r...p(....&.*...0..8.........u.......2o.....sH....s9......{....o....oF......o.....*r..{.....o......{.....o ....*....0............{.....o .....o!........,..rk..p.o!...o"...(#...(....&.+[..o$........,A..o$...t......{.....o<...o%.....{.....o>...o%.....{.....o&.....+.ry..p(.
                                        Process:C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:modified
                                        Size (bytes):26
                                        Entropy (8bit):3.95006375643621
                                        Encrypted:false
                                        SSDEEP:3:ggPYV:rPYV
                                        MD5:187F488E27DB4AF347237FE461A079AD
                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                        Malicious:true
                                        Reputation:high, very likely benign file
                                        Preview:[ZoneTransfer]....ZoneId=0
                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):7.97474104992609
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                        • Win32 Executable (generic) a (10002005/4) 49.93%
                                        • Windows Screen Saver (13104/52) 0.07%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        • DOS Executable Generic (2002/1) 0.01%
                                        File name:Reiven RFQ-27-05-2024.exe
                                        File size:890'376 bytes
                                        MD5:8696f9ebbc79cf408d4ff3a138719580
                                        SHA1:5dbcbf3c2d193ef88902e57a4959773d3a6e888d
                                        SHA256:e0046a68adc340b6ae02f1c8924316dd2b914e38f80df71b3453e65d23d58999
                                        SHA512:9f5143ee3b2e0cf5d403e53f48a5a8f9ad08c781e773797dc293d1a7f87a9a336910e7b1bb8589e40b8020b9257c8f509e81b23d09f8b00883977570f098aeb1
                                        SSDEEP:12288:xuArYCFd6x8x6LIfFg2Lj1+IQmLoaZC3+t+1Cz/ZE6rjl6h9UjYYOcvHRS1BFLtH:p81x7LYgQ6mXMMD/frjlpnPvHItthTF
                                        TLSH:EE15239831B9C334C13A5BF02CC08964473ACE577961DB5A1DE1B2DA1AB1F64423BE9F
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Sf..............0..@..........._... ...`....@.. ....................................@................................
                                        Icon Hash:040917344b4fd9cd
                                        Entrypoint:0x4d5f1a
                                        Entrypoint Section:.text
                                        Digitally signed:true
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x6653E01F [Mon May 27 01:21:35 2024 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                        Signature Valid:false
                                        Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                        Signature Validation Error:The digital signature of the object did not verify
                                        Error Number:-2146869232
                                        Not Before, Not After
                                        • 13/11/2018 01:00:00 09/11/2021 00:59:59
                                        Subject Chain
                                        • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                        Version:3
                                        Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                        Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                        Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                        Serial:7C1118CBBADC95DA3752C46E47A27438
                                        Instruction
                                        jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd5ec8 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd6000 | 0x1ad0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd6000 | 0x3608 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd8000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xd3f20 | 0xd4000 | 0d4375af5fd0f02c3a8f508ad4a1e4d4 | False | 0.9743905697228774 | data | 7.979508501795828 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xd6000 | 0x1ad0 | 0x1c00 | 9ebefdb318e87b49dff7bd00df8e1637 | False | 0.8145926339285714 | data | 7.216010291992026 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xd8000 | 0xc | 0x200 | 672b5e93a748b00d15380152e673975f | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                        RT_ICON | 0xd6100 | 0x144d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9694054262074273
                                        RT_GROUP_ICON | 0xd7560 | 0x14 | data | | | 1.05
                                        RT_VERSION | 0xd7584 | 0x34c | data | | | 0.42298578199052134
                                        RT_MANIFEST | 0xd78e0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                        DLL | Import
                                        mscoree.dll | _CorExeMain
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        May 27, 2024 08:59:57.396080017 CEST | 50212 | 53 | 192.168.2.6 | 1.1.1.1
                                        May 27, 2024 08:59:57.404371023 CEST | 53 | 50212 | 1.1.1.1 | 192.168.2.6
                                        May 27, 2024 08:59:58.591655970 CEST | 62218 | 53 | 192.168.2.6 | 1.1.1.1
                                        May 27, 2024 08:59:59.106977940 CEST | 53 | 62218 | 1.1.1.1 | 192.168.2.6
                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                        May 27, 2024 08:59:57.396080017 CEST | 192.168.2.6 | 1.1.1.1 | 0xafdb | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
                                        May 27, 2024 08:59:58.591655970 CEST | 192.168.2.6 | 1.1.1.1 | 0x7899 | Standard query (0) | mail.medicalhome.com.pe | A (IP address) | IN (0x0001) | false
                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                        May 27, 2024 08:59:57.404371023 CEST | 1.1.1.1 | 192.168.2.6 | 0xafdb | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
                                        May 27, 2024 08:59:59.106977940 CEST | 1.1.1.1 | 192.168.2.6 | 0x7899 | No error (0) | mail.medicalhome.com.pe | medicalhome.com.pe | | CNAME (Canonical name) | IN (0x0001) | false
                                        May 27, 2024 08:59:59.106977940 CEST | 1.1.1.1 | 192.168.2.6 | 0x7899 | No error (0) | medicalhome.com.pe | | 144.217.159.195 | A (IP address) | IN (0x0001) | false
                                        • ip-api.com
                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        0 | 192.168.2.6 | 49703 | 208.95.112.1 | 80 | 5732 | C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        May 27, 2024 08:59:57.415414095 CEST | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
                                            Host: ip-api.com
                                            Connection: Keep-Alive
                                        May 27, 2024 08:59:57.926552057 CEST | 175 | IN | HTTP/1.1 200 OK
                                            Date: Mon, 27 May 2024 06:59:57 GMT
                                            Content-Type: text/plain; charset=utf-8
                                            Content-Length: 6
                                            Access-Control-Allow-Origin: *
                                            X-Ttl: 60
                                            X-Rl: 44
                                            Data Raw: 66 61 6c 73 65 0a
                                            Data Ascii: false

                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        1 | 192.168.2.6 | 49709 | 208.95.112.1 | 80 | 3940 | C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        May 27, 2024 09:00:13.153723001 CEST | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
                                            Host: ip-api.com
                                            Connection: Keep-Alive
                                        May 27, 2024 09:00:13.640522003 CEST | 175 | IN | HTTP/1.1 200 OK
                                            Date: Mon, 27 May 2024 07:00:13 GMT
                                            Content-Type: text/plain; charset=utf-8
                                            Content-Length: 6
                                            Access-Control-Allow-Origin: *
                                            X-Ttl: 44
                                            X-Rl: 43
                                            Data Raw: 66 61 6c 73 65 0a
                                            Data Ascii: false

                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        2 | 192.168.2.6 | 49717 | 208.95.112.1 | 80 | 3548 | C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        May 27, 2024 09:00:18.923854113 CEST | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
                                            Host: ip-api.com
                                            Connection: Keep-Alive
                                        May 27, 2024 09:00:19.419364929 CEST | 175 | IN | HTTP/1.1 200 OK
                                            Date: Mon, 27 May 2024 07:00:19 GMT
                                            Content-Type: text/plain; charset=utf-8
                                            Content-Length: 6
                                            Access-Control-Allow-Origin: *
                                            X-Ttl: 38
                                            X-Rl: 42
                                            Data Raw: 66 61 6c 73 65 0a
                                            Data Ascii: false

                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                                        May 27, 2024 08:59:59.693351984 CEST | 587 | 49705 | 144.217.159.195 | 192.168.2.6 | 220-server.rozpalsac.com ESMTP Exim 4.96 #2 Mon, 27 May 2024 06:59:59 +0000
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                        May 27, 2024 08:59:59.693574905 CEST | 49705 | 587 | 192.168.2.6 | 144.217.159.195 | EHLO 528110
                                        May 27, 2024 08:59:59.799110889 CEST | 587 | 49705 | 144.217.159.195 | 192.168.2.6 | 250-server.rozpalsac.com Hello 528110 [8.46.123.175]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-STARTTLS
                                            250 HELP
                                        May 27, 2024 08:59:59.799277067 CEST | 49705 | 587 | 192.168.2.6 | 144.217.159.195 | STARTTLS
                                        May 27, 2024 08:59:59.905920029 CEST | 587 | 49705 | 144.217.159.195 | 192.168.2.6 | 220 TLS go ahead
                                        May 27, 2024 09:00:14.710580111 CEST | 587 | 49713 | 144.217.159.195 | 192.168.2.6 | 220-server.rozpalsac.com ESMTP Exim 4.96 #2 Mon, 27 May 2024 07:00:14 +0000
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                        May 27, 2024 09:00:14.710896969 CEST | 49713 | 587 | 192.168.2.6 | 144.217.159.195 | EHLO 528110
                                        May 27, 2024 09:00:14.814059973 CEST | 587 | 49713 | 144.217.159.195 | 192.168.2.6 | 250-server.rozpalsac.com Hello 528110 [8.46.123.175]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-STARTTLS
                                            250 HELP
                                        May 27, 2024 09:00:14.818152905 CEST | 49713 | 587 | 192.168.2.6 | 144.217.159.195 | STARTTLS
                                        May 27, 2024 09:00:14.921555996 CEST | 587 | 49713 | 144.217.159.195 | 192.168.2.6 | 220 TLS go ahead
                                        May 27, 2024 09:00:20.449949980 CEST | 587 | 49718 | 144.217.159.195 | 192.168.2.6 | 220-server.rozpalsac.com ESMTP Exim 4.96 #2 Mon, 27 May 2024 07:00:20 +0000
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                        May 27, 2024 09:00:20.450181961 CEST | 49718 | 587 | 192.168.2.6 | 144.217.159.195 | EHLO 528110
                                        May 27, 2024 09:00:20.556539059 CEST | 587 | 49718 | 144.217.159.195 | 192.168.2.6 | 250-server.rozpalsac.com Hello 528110 [8.46.123.175]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-STARTTLS
                                            250 HELP
                                        May 27, 2024 09:00:20.556797981 CEST | 49718 | 587 | 192.168.2.6 | 144.217.159.195 | STARTTLS
                                        May 27, 2024 09:00:20.663624048 CEST | 587 | 49718 | 144.217.159.195 | 192.168.2.6 | 220 TLS go ahead


                                        Target ID: 0
                                        Start time: 02:59:54
                                        Start date: 27/05/2024
                                        Path: C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe
                                        Wow64 process (32bit): true
                                        Commandline: "C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe"
                                        Imagebase: 0x7e0000
                                        File size: 890'376 bytes
                                        MD5 hash: 8696F9EBBC79CF408D4FF3A138719580
                                        Has elevated privileges: true
                                        Has administrator privileges: true
                                        Programmed in: C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2091795003.0000000003E3E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2091795003.0000000003E3E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation: low
                                        Has exited: true

                                        Target ID:3
                                        Start time:02:59:55
                                        Start date:27/05/2024
                                        Path:C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Reiven RFQ-27-05-2024.exe"
                                        Imagebase:0x4a0000
                                        File size:890'376 bytes
                                        MD5 hash:8696F9EBBC79CF408D4FF3A138719580
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3328316664.0000000002A05000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3328316664.0000000002A05000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3328316664.0000000002A56000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3328316664.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:false

                                        Target ID:4
                                        Start time:03:00:08
                                        Start date:27/05/2024
                                        Path:C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
                                        Imagebase:0x220000
                                        File size:890'376 bytes
                                        MD5 hash:8696F9EBBC79CF408D4FF3A138719580
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Antivirus matches:
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 32%, ReversingLabs
                                        • Detection: 55%, Virustotal, Browse
                                        Reputation:low
                                        Has exited:true

                                        Target ID:6
                                        Start time:03:00:11
                                        Start date:27/05/2024
                                        Path:C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
                                        Imagebase:0x5a0000
                                        File size:890'376 bytes
                                        MD5 hash:8696F9EBBC79CF408D4FF3A138719580
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.3329095685.0000000002A15000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.3329095685.0000000002A15000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.3329095685.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.3329095685.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:false

                                        Target ID:7
                                        Start time:03:00:16
                                        Start date:27/05/2024
                                        Path:C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
                                        Imagebase:0x740000
                                        File size:890'376 bytes
                                        MD5 hash:8696F9EBBC79CF408D4FF3A138719580
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:8
                                        Start time:03:00:17
                                        Start date:27/05/2024
                                        Path:C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
                                        Imagebase:0xcd0000
                                        File size:890'376 bytes
                                        MD5 hash:8696F9EBBC79CF408D4FF3A138719580
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.3328584752.0000000003152000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.3328584752.0000000003176000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.3328584752.0000000003125000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.3328584752.0000000003125000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:false

                                          Execution Graph

                                          Execution Coverage:10.3%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:3.8%
                                          Total number of Nodes:316
                                          Total number of Limit Nodes:13

                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 088C54E6
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID: |Pu/$|Pu/
                                          • API String ID: 963392458-1839175548

                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 088C54E6
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID: |Pu/$|Pu/
                                          • API String ID: 963392458-1839175548

                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0127AFFE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2090761165.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1270000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID: |Pu/
                                          • API String ID: 4139908857-2508742242

                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 012759C9
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2090761165.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1270000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID: |Pu/
                                          • API String ID: 2289755597-2508742242

                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 012759C9
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2090761165.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1270000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID: |Pu/
                                          • API String ID: 2289755597-2508742242

                                          APIs
                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 05134101
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093218515.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5130000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: CallProcWindow
                                          • String ID: |Pu/
                                          • API String ID: 2714655100-2508742242

                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 088C4AD6
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID: |Pu/
                                          • API String ID: 983334009-2508742242

                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 088C4C80
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID: |Pu/
                                          • API String ID: 3559483778-2508742242

                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 088C4C80
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID: |Pu/
                                          • API String ID: 3559483778-2508742242

                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0127D656,?,?,?,?,?), ref: 0127D717
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2090761165.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1270000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID: |Pu/
                                          • API String ID: 3793708945-2508742242

                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 088C4D60
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID: |Pu/
                                          • API String ID: 1726664587-2508742242

                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0127D656,?,?,?,?,?), ref: 0127D717
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2090761165.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1270000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID: |Pu/
                                          • API String ID: 3793708945-2508742242

                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 088C4D60
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID: |Pu/
                                          • API String ID: 1726664587-2508742242

                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 088C4AD6
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID: |Pu/
                                          • API String ID: 983334009-2508742242

                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 088C4B9E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID: |Pu/
                                          • API String ID: 4275171209-2508742242
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID: |Pu/
                                          • API String ID: 947044025-2508742242
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0127B079,00000800,00000000,00000000), ref: 0127B28A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2090761165.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1270000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID: |Pu/
                                          • API String ID: 1029625771-2508742242
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0127B079,00000800,00000000,00000000), ref: 0127B28A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2090761165.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1270000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID: |Pu/
                                          • API String ID: 1029625771-2508742242
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 088C4B9E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID: |Pu/
                                          • API String ID: 4275171209-2508742242
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID: |Pu/
                                          • API String ID: 947044025-2508742242
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0127AFFE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2090761165.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1270000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID: |Pu/
                                          • API String ID: 4139908857-2508742242
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 088C78F5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID: |Pu/
                                          • API String ID: 410705778-2508742242
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 088C78F5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID: |Pu/
                                          • API String ID: 410705778-2508742242
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0127D656,?,?,?,?,?), ref: 0127D717
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2090761165.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1270000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 284ab3ee53a57bb1e9a1ffd4815876b41e27f18401f95acea7f3059b96226c5e
                                          • Instruction ID: 6eeca396924a64ea34155205d0ca9685ccfcc8623e6bd0df2f2d257ce7beb238
                                          • Opcode Fuzzy Hash: 284ab3ee53a57bb1e9a1ffd4815876b41e27f18401f95acea7f3059b96226c5e
                                          • Instruction Fuzzy Hash: 2A716E34F00209DFEB549B65E819B6D7BB6AB85760F11C52DE512DB3C8DE7088418B91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 93baf72e0ee3eb716aa27bbcf9e3a6475fb9658bd75ab61006ec710e10857890
                                          • Instruction ID: 8f2acebd17889855ca132043f23fc4f25065e060752763d26bbf392d372f4bd9
                                          • Opcode Fuzzy Hash: 93baf72e0ee3eb716aa27bbcf9e3a6475fb9658bd75ab61006ec710e10857890
                                          • Instruction Fuzzy Hash: 70818830E0420ADFCB84DFA9C6A4AADBBF2FF44310F1585AAD055EB265DB70D980CB51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 422148d5991944cee47755588391d39d029937af991c48e8fe1b3682411738b3
                                          • Instruction ID: e55d65e943f149840fcfa1b1f31712b9dd24560b5342938878ffe3a6908ff3c3
                                          • Opcode Fuzzy Hash: 422148d5991944cee47755588391d39d029937af991c48e8fe1b3682411738b3
                                          • Instruction Fuzzy Hash: 81718130E0420EDFEBA48B95E554BADB7B2FB40331F64811EE552AB299C770EC51CB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 28fc096520a62b671940caa55da7940782f9245c86dfe323c46942ab6b04477f
                                          • Instruction ID: 948635b6f63fef3ba7374d1bbd071f316e521bc69047c4b124753eca9ccbc5e9
                                          • Opcode Fuzzy Hash: 28fc096520a62b671940caa55da7940782f9245c86dfe323c46942ab6b04477f
                                          • Instruction Fuzzy Hash: 1E718471E0411ECFEB548B58C444FBD7FB6AB84325F18826EE095AB292C674CD40EB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9052c989e93134b43a308dcd6b8d7f6dcfdaed32e9a07bd9b2a6bad67389a4b5
                                          • Instruction ID: 5772d0a0addd1715329ecccbf77c70ba8ec9b00477377003c5ea115d99c8d512
                                          • Opcode Fuzzy Hash: 9052c989e93134b43a308dcd6b8d7f6dcfdaed32e9a07bd9b2a6bad67389a4b5
                                          • Instruction Fuzzy Hash: EB91F97191060ACFCB41EF68C880999FBF5FF49310B14979AE819EB256E770E985CB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9750791ca0ea6c72bd6ddc9c4dee8830180997b15dfa160b54aa7387674d1a11
                                          • Instruction ID: 9dceb3f303d22367139bfd9401b831e632984ae67a66e0e975c7df12b126e14a
                                          • Opcode Fuzzy Hash: 9750791ca0ea6c72bd6ddc9c4dee8830180997b15dfa160b54aa7387674d1a11
                                          • Instruction Fuzzy Hash: 98915F32810B028BDB15EF79D894295B7B1FF99310B19CB7ADC597B216EB30A590CB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8b819e94855293881cee78c4c59b0c90c6646511b19f39e4b0da1effc49bd669
                                          • Instruction ID: 9d3f974866d7e04efcc993ee4ca38308e9a42087b7e7a7a76246dc7085cd5ffa
                                          • Opcode Fuzzy Hash: 8b819e94855293881cee78c4c59b0c90c6646511b19f39e4b0da1effc49bd669
                                          • Instruction Fuzzy Hash: BB914E32810B068BDB15EF79D894195B7B1FF99310B19CB7ADC597B216EB30A590CB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e73ebb025a5baa6052a6f185c05d5fba12cd39223feb36c6231ea96c86173dfd
                                          • Instruction ID: cbf7cee634041a858c0d5d0bf4eb503e682b21ee9ff96245027120d375d797bb
                                          • Opcode Fuzzy Hash: e73ebb025a5baa6052a6f185c05d5fba12cd39223feb36c6231ea96c86173dfd
                                          • Instruction Fuzzy Hash: 0E517B34F00208DFEB54AB74E819B6D7BA6AF89750F11C529F912EB3C8CE708C018B91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ecb8bc81206e670e19394c8a88d247391292854a84125465bdd7755a462604a1
                                          • Instruction ID: 8e4ab7b53c0922437654c491a18f47b554bc220e9f52ac05b7223c95bc832bbb
                                          • Opcode Fuzzy Hash: ecb8bc81206e670e19394c8a88d247391292854a84125465bdd7755a462604a1
                                          • Instruction Fuzzy Hash: 07715C31A0560ACFDB94CF69C584EA9BBB2FF44324F15899ED1569B6A6C370E840CFD0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e0b78eccd8bb23309371e6373a1c679b8d17fa30d345946b97aee7e712dabfd5
                                          • Instruction ID: 3a2374a79573a91052f422cfff8738feb0b79dc81bf971c8360e29ea1b058a4e
                                          • Opcode Fuzzy Hash: e0b78eccd8bb23309371e6373a1c679b8d17fa30d345946b97aee7e712dabfd5
                                          • Instruction Fuzzy Hash: 63618071E0511ACFEB908B58C444FBDBFB2EB44331F09826EE095AB292D334C940EB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: df8fe830f46ed7d3755c5ceddbdef37b806307281feb5d45af3a219f6879c58c
                                          • Instruction ID: 87c398a9ce48dd234fea3ab659ddad6b0980ba39021df18e2654d1959a00dc67
                                          • Opcode Fuzzy Hash: df8fe830f46ed7d3755c5ceddbdef37b806307281feb5d45af3a219f6879c58c
                                          • Instruction Fuzzy Hash: B471AA79700A01CFC718DF29C498959BBF2FF8921471589A9E54ACB3B2EB72EC41CB50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: de7192b26ddfbd93fcef00bcdca5721f33bb48de8e45c5f845aec892a00b81c9
                                          • Instruction ID: c5d9eec4a058cf3c357aaa23e9ad710d2d0a780a97b3d5e550d5e46a8e73b44a
                                          • Opcode Fuzzy Hash: de7192b26ddfbd93fcef00bcdca5721f33bb48de8e45c5f845aec892a00b81c9
                                          • Instruction Fuzzy Hash: 7641B675E12218DFCB18DFA4E8586AEBFB6FF85300F10896AE445A7392DB309D55CB40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7d3b3c51bbcf32cdb6bab71e72efe405de9abae957b5bfc1a48716de7eae6020
                                          • Instruction ID: 6c986abdb81d0438814b4bd19ec5cb9df0051f12daa9a262d41f1dae17e04b10
                                          • Opcode Fuzzy Hash: 7d3b3c51bbcf32cdb6bab71e72efe405de9abae957b5bfc1a48716de7eae6020
                                          • Instruction Fuzzy Hash: 0651DF35710205CFDB19AFA8C84866F7AA6FFC4350B14856AE50AAB3D5CF34DC12CBA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 527e444aec21526b5b58ecf8dffb056bd5a2b6689cb8e8771454750c7dc91917
                                          • Instruction ID: 88372003d43a1d53142aedb344a7c18bf9f351f93570e0b2ebd6af516f79cad0
                                          • Opcode Fuzzy Hash: 527e444aec21526b5b58ecf8dffb056bd5a2b6689cb8e8771454750c7dc91917
                                          • Instruction Fuzzy Hash: D171BE79600A00CFC718DF29C498A59BBF2FF89314B1589A9E54ACB772DB72EC45CB50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cd4fbd57a4b9e589c4323038d64de2aa3abe95d9313692472ee5449a1a83c995
                                          • Instruction ID: 9ccb923f46a7506dc030b777c4f1d381d7f67935e3eb6df1d95a7ce75f4ed3b0
                                          • Opcode Fuzzy Hash: cd4fbd57a4b9e589c4323038d64de2aa3abe95d9313692472ee5449a1a83c995
                                          • Instruction Fuzzy Hash: 28519161A0E3D54FD707EB785CA44EA7FB1DE8326030A45DBD495DB193E9248C09C7A2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 896f977b1e43d540d0ea36d48a85628eaa785838dac0cfd1247d4ccfaf8dd769
                                          • Instruction ID: ec29ebe42038157fcd9f56759cb2e5499f26ad34ea194769e668cf46fd6fbe0b
                                          • Opcode Fuzzy Hash: 896f977b1e43d540d0ea36d48a85628eaa785838dac0cfd1247d4ccfaf8dd769
                                          • Instruction Fuzzy Hash: 2B71B074A156068FCB08DF69C584999FBF1FF48314B0996A9E80ADB352E730EC85CF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72386e197f2b46a27aefeffa95de2197c4e6d772087c99e6698fe70e57b26519
                                          • Instruction ID: ed25679e87a5515ef6757f7fe0d17ba96b585d196aa0d70410e21dad0361c1d5
                                          • Opcode Fuzzy Hash: 72386e197f2b46a27aefeffa95de2197c4e6d772087c99e6698fe70e57b26519
                                          • Instruction Fuzzy Hash: C95159307206018FDB14EF29C898BAD77B2FF89310F5596B8D55A9B3A2DB709C458B50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c43c0d2adfd4bf4fe75756fd7f9574e18d244d1e53f90d404ed68a8caf60b08c
                                          • Instruction ID: a56098b4847a47f2dc5a33fa21139d5c65dab75f8c353feee05c88dd6111c591
                                          • Opcode Fuzzy Hash: c43c0d2adfd4bf4fe75756fd7f9574e18d244d1e53f90d404ed68a8caf60b08c
                                          • Instruction Fuzzy Hash: D4611A7191070ACFCB41EF68C880999FBB4FF49310B14D75AE859EB255EB70E985CB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bc1ab72d7fbc07757ba378db18214724b3c3b5458a6103e1b235eee066bd6fc0
                                          • Instruction ID: 39d316d2ee2bee9bc5d30e9355a808db2548bfa116533bbbf11579d35f65f8ce
                                          • Opcode Fuzzy Hash: bc1ab72d7fbc07757ba378db18214724b3c3b5458a6103e1b235eee066bd6fc0
                                          • Instruction Fuzzy Hash: 524102317256218FCB2DB779841426E77E2BFC56507148169C90ADB3D6DF24CC4287E5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 84fe5d09f7737ad7c5545c38e4425588712f48317ee5159210ada13c6b64d9a0
                                          • Instruction ID: 9760a083343d4a7355ae4c6ad2d86804358ed87c2fdf91e5e8c06b4e6342df8a
                                          • Opcode Fuzzy Hash: 84fe5d09f7737ad7c5545c38e4425588712f48317ee5159210ada13c6b64d9a0
                                          • Instruction Fuzzy Hash: C7412A71E192DACFD7508769C41077ABFB59F46264F2880BED155CB247CA35C842C792
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d3f41142344644ba36ba8bfa81fc98fd100308cffc7a90659e1b16dce37fdf6
                                          • Instruction ID: a853f4ca668f7c29c5067c7c08af4f8d0e228ab7efb61452782c24417dc3e579
                                          • Opcode Fuzzy Hash: 9d3f41142344644ba36ba8bfa81fc98fd100308cffc7a90659e1b16dce37fdf6
                                          • Instruction Fuzzy Hash: 2D4124B4E0920ACFEB48CFAAC4446EEBBF6ABCC311F14D129D459A7255D7348941CBA4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 995d36b4c6b832fc828c0fa361500b41ccc1ab83f20f7cbeb842ae45d4cd3c6f
                                          • Instruction ID: ea4bc24fdb6278385933f099092f4d19f0b26d179e5e81b3e583003f4172a34e
                                          • Opcode Fuzzy Hash: 995d36b4c6b832fc828c0fa361500b41ccc1ab83f20f7cbeb842ae45d4cd3c6f
                                          • Instruction Fuzzy Hash: B141AF6451EBC08FC3279B7994541417FB0AE8720274AC9DFC4D1CFAB7C669981AC726
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 690f577c0df350d222ff385879b4224ade189605803281215350d40919f17ca1
                                          • Instruction ID: 40ead9517b0a80f495f7bc240a468f00474946ca1059d90003bae2251e5f3cb4
                                          • Opcode Fuzzy Hash: 690f577c0df350d222ff385879b4224ade189605803281215350d40919f17ca1
                                          • Instruction Fuzzy Hash: 29418C74E01219CFDB54EFB4D4583ADBAB6EB88320F54682DD901A7380DB398981DBD1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 81ea5178c6b9843b2862df1318d0a36b113c8470d7b774c52fdc9fb54c6e57e3
                                          • Instruction ID: e1088d2877b989fc6c49314ea2b741628da3c1ea69d5dff0e002fb40bd0f3c13
                                          • Opcode Fuzzy Hash: 81ea5178c6b9843b2862df1318d0a36b113c8470d7b774c52fdc9fb54c6e57e3
                                          • Instruction Fuzzy Hash: C631B42280F3E1AED747A73858B05CABFB09D5366870A55CBC1D5CF0A3D9584C5CC7AA
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d83bb48e1ec5ee84223586105f74a23f1f0cfb5aac5f7287b0b7dc557bed794
                                          • Instruction ID: 7f6b0151b20e1a1c7303a11468ea70d03936cf943146cef1866f8b944e9461d2
                                          • Opcode Fuzzy Hash: 1d83bb48e1ec5ee84223586105f74a23f1f0cfb5aac5f7287b0b7dc557bed794
                                          • Instruction Fuzzy Hash: 9B11AF756102058FDB04EB69C8449AAB7FAFF85600B04896AE506DB391EF74ED058FA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3d988def8f80ed787558642fb5897631fadcbbf19346f9c885dbd03ac5b22c8
                                          • Instruction ID: cbb9e82bc556b4657d4bd4b53c768cd82558b4532a9f181e1744751bf9d62567
                                          • Opcode Fuzzy Hash: f3d988def8f80ed787558642fb5897631fadcbbf19346f9c885dbd03ac5b22c8
                                          • Instruction Fuzzy Hash: 6A119B30A042A9EFE7409768A90577D3FE5AB40315F14C0BEE545CF389CA768842C790
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e183e5ff5ccf2603a3b3137aa0a433f978f4a2426b6d2cfa440bad3400b605e9
                                          • Instruction ID: 0c8676f63c99db89fe6eedeea548ef06b4e9e62fdc46de3fa0a50bcb6c6f7abb
                                          • Opcode Fuzzy Hash: e183e5ff5ccf2603a3b3137aa0a433f978f4a2426b6d2cfa440bad3400b605e9
                                          • Instruction Fuzzy Hash: 7B119B30E042A5DFD7805B64A9053BC3FA1AB85325F19C0BFE541CF386DA768C42C750
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b911f1447d594590b222a8cdb279d5ea65fe3fc694d89509899ae405f0f046e
                                          • Instruction ID: 13d8c96f38b4aec8eaff2729484fd1c23737ec59b271d6a15868abb383425756
                                          • Opcode Fuzzy Hash: 0b911f1447d594590b222a8cdb279d5ea65fe3fc694d89509899ae405f0f046e
                                          • Instruction Fuzzy Hash: 3A11C675E0035A4F8B55EBB88C544BFBBF6EFC9260725496ED429E7340EB3089058761
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1f8d5a22bd7105d7c56b2a87ea1ab787ab741afffd987797b42e8eca44052e0e
                                          • Instruction ID: 15f5eda2f2492169f9244cebb9f148384cb78c976ad258e2980a760157237a2c
                                          • Opcode Fuzzy Hash: 1f8d5a22bd7105d7c56b2a87ea1ab787ab741afffd987797b42e8eca44052e0e
                                          • Instruction Fuzzy Hash: 57214A32910B5287EB009F6AD840381B765FF95324F19867ACC4D7B346EB71A994C7A0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fe387db589ed296dc8c3c4c2b650b11894bc52cdfd2d14599d72d36c66bd70c5
                                          • Instruction ID: 501159b3c01185516537a1cb94e4857f561fe7ff03dc2085f8d9458cad959c44
                                          • Opcode Fuzzy Hash: fe387db589ed296dc8c3c4c2b650b11894bc52cdfd2d14599d72d36c66bd70c5
                                          • Instruction Fuzzy Hash: DD111F31F0125A8BCF94EBB999205FEB6F6AF89311B204079C505EB344EB358D11C7A1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4662c25137347ccb7a34ac2716ecacfd03b9932de796869c98cdcdb98c7ef896
                                          • Instruction ID: fb4205bc4a3b42d1c6bb699771bc7e2de513dcee1048429d36b70750b356f87b
                                          • Opcode Fuzzy Hash: 4662c25137347ccb7a34ac2716ecacfd03b9932de796869c98cdcdb98c7ef896
                                          • Instruction Fuzzy Hash: FC11A034A08A5B8EDB61CB69C4601BAFBF3AF45221F06C56FD1E2C7191C239D801CB61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2090416409.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_118d000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 45d2786e60e1e4201bb004dcd9f59ae96814e242b2a6b2dda49e09682ea99c03
                                          • Instruction ID: a6b442a22338fce65e36144d5a16e0ecc08b9efa257c43d24eef09023d5975c1
                                          • Opcode Fuzzy Hash: 45d2786e60e1e4201bb004dcd9f59ae96814e242b2a6b2dda49e09682ea99c03
                                          • Instruction Fuzzy Hash: C121CD76404284CFCF06DF44D9C4B16BF62FB84324F24C2A9DC084A296C33AD426CFA2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 25252e10313f96625bfa26695f6d26487da4c4c1739f0ac94a2143edfa323e88
                                          • Instruction ID: 0983b6edc12483aaea73d68bfb6e1c5937d77f8b203abfe013fae2cd44b7d9c7
                                          • Opcode Fuzzy Hash: 25252e10313f96625bfa26695f6d26487da4c4c1739f0ac94a2143edfa323e88
                                          • Instruction Fuzzy Hash: 1D119D75A00358DBDB10DBA9C845ABFBBB6FF88300F01841DD658AB354EB744902CBA2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d3cebd2f25854f9952c02b44666a265f86bc43482a28438c43e3af58f2424beb
                                          • Instruction ID: 0038039ee551073a45c2aff51c00941e7c638f044ef840a260dd95c0e1b2c241
                                          • Opcode Fuzzy Hash: d3cebd2f25854f9952c02b44666a265f86bc43482a28438c43e3af58f2424beb
                                          • Instruction Fuzzy Hash: 8901B53262530A5EDB24A7A5E8047AEB7E9EF80164F58506AD50DC25C2EF31A44287A1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f674c3c54937e8507ff937034c55deb023f2647572c723ee2cd9cec14f4565cb
                                          • Instruction ID: c20bfa79e1002778e81c8caa90dde0d3295b050d1f8c9409b564b6a06e71d324
                                          • Opcode Fuzzy Hash: f674c3c54937e8507ff937034c55deb023f2647572c723ee2cd9cec14f4565cb
                                          • Instruction Fuzzy Hash: 7F113732D10B5187EB00AF6AD840391B365FF95324F19877ACC4D3F246EB71B9948BA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2090481072.000000000119D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0119D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_119d000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                          • Instruction ID: 36c5f4735b6a177adb1ca228b8ad01478842a1678979cd68f193f9b98bf6545d
                                          • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                          • Instruction Fuzzy Hash: 3011BB75504280DFCF06CF54D6C0B15BBA1FB84224F24C6A9D8494B2A6C33AD40ACB62
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2090481072.000000000119D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0119D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_119d000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                          • Instruction ID: 9f16041bb0cfb1be9449038e37fdbe57cd4f22f32257db804dfb2b7b5a6b9d3d
                                          • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                          • Instruction Fuzzy Hash: 6211DD75504280CFDF16CF58E5C4B15FFA2FB84314F28C6AAD8094B656C33AD40ACBA2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 48125b4988e740e9fae098fb2b3b97dba43c3c7314fdec5556361ab703a56c1c
                                          • Instruction ID: 5c89417b0b5d2a8ad83ace7c4aab42910c979e723230084b341cc2ad6935d39e
                                          • Opcode Fuzzy Hash: 48125b4988e740e9fae098fb2b3b97dba43c3c7314fdec5556361ab703a56c1c
                                          • Instruction Fuzzy Hash: 3311BC35D1020AEFDF05EFA0D848D9DBBB6FF99314B198515E002BB220DB31A895DB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7225bb54f1719e65291193de0584b2e4fc147c947bd442fcbce689bfb9968170
                                          • Instruction ID: 5cecdce72560148373e429fc0013ed488140f2dbf2ada121e24bd9b9edcbfa65
                                          • Opcode Fuzzy Hash: 7225bb54f1719e65291193de0584b2e4fc147c947bd442fcbce689bfb9968170
                                          • Instruction Fuzzy Hash: 0111B0B1D006189BEB58CFABC9447DEBAF7AFC8310F14C06AD40866264DB7409458FA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ab73c4da225aa1dd903f67e51e8773585057082be5fc5bdfbb61194907ab3a3d
                                          • Instruction ID: 35da685526e96d6ac0b1efd6a5817a3ecec3c1edacb62fc4b66db048fb6b034d
                                          • Opcode Fuzzy Hash: ab73c4da225aa1dd903f67e51e8773585057082be5fc5bdfbb61194907ab3a3d
                                          • Instruction Fuzzy Hash: A9113A3051964DDFDB90CF25E4442257BB4EB05224F2180DDE88A8764BDA77C862EB86
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c8493753cb0ef1da58e545ca2239df2faa184e9d886469332dbc9ea25e8c8076
                                          • Instruction ID: e74b4c14e6e94373d7d31f2a83d90a990f8e2abe09b7f3d90528fd205b12d6d4
                                          • Opcode Fuzzy Hash: c8493753cb0ef1da58e545ca2239df2faa184e9d886469332dbc9ea25e8c8076
                                          • Instruction Fuzzy Hash: FF0184317102118FD715DB69D888A6EBBE5FF89215B18886DE01ACB761CF71EC02C750
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 10044abffaf21b3b9c74128240e8ff80ab931b6f1cc057f847896dc36718372a
                                          • Instruction ID: 71a5ad404f07495877b2926543c1da9fea198fcdbf625709e22e2e9f9c75f45a
                                          • Opcode Fuzzy Hash: 10044abffaf21b3b9c74128240e8ff80ab931b6f1cc057f847896dc36718372a
                                          • Instruction Fuzzy Hash: DC01D8313272129FD3255AB9A40C36ABB96FF49316F44283AF00AC22C2CF74D885C754
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5dd071699840c2d6a3e8b7922b2a3fa890124387720ade23d969f7bd28a79084
                                          • Instruction ID: a7ced202a6e5f8b0dcdb870a334a6d789efb6b417acc10c7edce60a9047af0bd
                                          • Opcode Fuzzy Hash: 5dd071699840c2d6a3e8b7922b2a3fa890124387720ade23d969f7bd28a79084
                                          • Instruction Fuzzy Hash: 24112774A00219DBDB10EBA9C845ABFBBF6FFC8305F40841DD619A7354EB749942CBA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b097debe6f0c6ad12069782d9134342efaaefc65932d51713787adbdce648d01
                                          • Instruction ID: 7ac64bd705a293962d69dc0a480c22d81295e9616013fdf82606c7544e3d76f5
                                          • Opcode Fuzzy Hash: b097debe6f0c6ad12069782d9134342efaaefc65932d51713787adbdce648d01
                                          • Instruction Fuzzy Hash: A9018835200260CFC304DB3CC499A997BE5FF4A708B1984ADE04ACB372CB61EC05CB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 19093a2d870ae14ec801d90d4f14803c5af995f99435c55b831efc9f257826a4
                                          • Instruction ID: e133bcbbef9718629c83ef1f44dbcf2bfc4878a7d87820433eb5ae408a31830b
                                          • Opcode Fuzzy Hash: 19093a2d870ae14ec801d90d4f14803c5af995f99435c55b831efc9f257826a4
                                          • Instruction Fuzzy Hash: FC01191291E3E58EDB631B3868701D57FB48C5766570A50CBC1D58F0E3D914484DDBEA
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 768cb406656e3d82b14336fba620994ac6105ea79f79cb6482c94d6b25109aba
                                          • Instruction ID: ece7c2e1923d2cfd697425fdd72c52edf472f560d31178ed9390c0542839c9d1
                                          • Opcode Fuzzy Hash: 768cb406656e3d82b14336fba620994ac6105ea79f79cb6482c94d6b25109aba
                                          • Instruction Fuzzy Hash: 1A015B3051960ADFD7908F55E4442217BB4F748318F2184EDE88B8764BDA73C872EB85
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 04320d6619934e8534b95f3bec843f34f6ce18b3976a4cb063ba903365d9de81
                                          • Instruction ID: b4a1310926fe10ca378ba8d8417c687fc1fdc9879090cfecbbc33392b1c2cc31
                                          • Opcode Fuzzy Hash: 04320d6619934e8534b95f3bec843f34f6ce18b3976a4cb063ba903365d9de81
                                          • Instruction Fuzzy Hash: 3111A174D0024FCFCB05EBA8C8505AEBFB2FF85314F1086AEC125AB255EB315A46CB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f10b61b6bd67fdeaaabb74411978bde2761426136915fab1485e07711bdd0f85
                                          • Instruction ID: 73fb70639888e12d5250b86888f8184a06c2e77b16e4db8cbf59ecc56ad385c0
                                          • Opcode Fuzzy Hash: f10b61b6bd67fdeaaabb74411978bde2761426136915fab1485e07711bdd0f85
                                          • Instruction Fuzzy Hash: 3501DB30312200CFDB28AA74C008BAAB3AAEF82610F11493DD40A9B782CA31EC428751
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 87a122b2769f29910ccc22efd772fb97423ee68c79b74f94bf0a6d95bc757d9e
                                          • Instruction ID: 0e5a75572800f9d07d10105ddd763e4a9b91407aa34c18c0452bbf901135c495
                                          • Opcode Fuzzy Hash: 87a122b2769f29910ccc22efd772fb97423ee68c79b74f94bf0a6d95bc757d9e
                                          • Instruction Fuzzy Hash: 13016970E4061ACFEB54AFB584583AD7AB6AB88321F14543DD501A7280CF798981CFE5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2dba11e54b0eb0aa4449d52a1b8c49e564bfa313196b6de2b7af8e72bdac9f88
                                          • Instruction ID: 95790e0479c46785d54fc861edbd3e8fbcabbe35490e85da59de8cbbef9bb0e5
                                          • Opcode Fuzzy Hash: 2dba11e54b0eb0aa4449d52a1b8c49e564bfa313196b6de2b7af8e72bdac9f88
                                          • Instruction Fuzzy Hash: 24F0FE30E4061ECBEB54AFB5941979D7AA69B98721F10542CD101A7180DF754481CFD5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68fcdbf7c2ec4378cb7a0bc45a4e4a69a642f622d47293f4cdf659e43af3fe46
                                          • Instruction ID: 1994f77e779e760c61275302d77c10266ca7fb185da4fdf032796f782c0f3d0f
                                          • Opcode Fuzzy Hash: 68fcdbf7c2ec4378cb7a0bc45a4e4a69a642f622d47293f4cdf659e43af3fe46
                                          • Instruction Fuzzy Hash: A9E092321011996BCB02AF49DC00BCA3FADDF49214F088455FE88C6123C27AD9269BA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f4995030d3d8315bbb2935f908c451a34706f38ec50b02cb2535d4573526b658
                                          • Instruction ID: b848c0e50cc3154be2ca705b8c0a4b20823932d79d3af01df7dc2c931b5b3f03
                                          • Opcode Fuzzy Hash: f4995030d3d8315bbb2935f908c451a34706f38ec50b02cb2535d4573526b658
                                          • Instruction Fuzzy Hash: AFF0ED30A0160AEBCB00FFA1EA02B987FB4EB46204F204598E804E7315DB326E01DB40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9cdea79e7d244873c7fcb4369ce9b94e56687316e0d95457eb482d409025210d
                                          • Instruction ID: f4bfa743598ffffa2ccf97c6a366e6d15cec2b137c420b9552e3f93eec3ea23b
                                          • Opcode Fuzzy Hash: 9cdea79e7d244873c7fcb4369ce9b94e56687316e0d95457eb482d409025210d
                                          • Instruction Fuzzy Hash: 66E0C234F80319FBFA3117456D22F753A9DA786FA2F004029F70A9F2C8DEA28C1096D5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 909ee1e78f0fb58b6a7db3e8092747b70f49380a24d2b11f4e1de436764ce141
                                          • Instruction ID: 027389c6ecd7bf9451817852ff202405e2d4410fe40bc24caab7c477f8f9b28b
                                          • Opcode Fuzzy Hash: 909ee1e78f0fb58b6a7db3e8092747b70f49380a24d2b11f4e1de436764ce141
                                          • Instruction Fuzzy Hash: 08E01A357457189BD324A639C464ADB76EAABC5325F4048ADC5198B384CE72AC4287A0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 66fb1b594a7aa5adc19130458c682792cd7cb16bb477250a6d02b6244d98f293
                                          • Instruction ID: 0aacc35da0866e50ee4e6d9ee80d244493a1d567bbf0c9df7397a90ffe4b34fd
                                          • Opcode Fuzzy Hash: 66fb1b594a7aa5adc19130458c682792cd7cb16bb477250a6d02b6244d98f293
                                          • Instruction Fuzzy Hash: B2F05E70D0020A9FC750DFBD894568ABBB06B04234F20866AD430D7391E77185059B81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1506ca7412d18d5babd58030d6fea9d1dc2ac00729afe94b2321c9307901da53
                                          • Instruction ID: bda2c68cc78ec6316fc78ba2b3242d4dfb8c11ff4bbad18d487596cf7594c01e
                                          • Opcode Fuzzy Hash: 1506ca7412d18d5babd58030d6fea9d1dc2ac00729afe94b2321c9307901da53
                                          • Instruction Fuzzy Hash: DBE0D832101159ABCB069F59EC40ADE3FADEF49310F14D545FA0486052C676D922D7E5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0ebdc6dcb7ee6e18c9dad0276638baff6af6b106c2c92a71a78c7b379038b05a
                                          • Instruction ID: d22a7d182c159c0a7227fd642724cc62f1d22a6ea0dc3bbe3544b2c1e332d1ed
                                          • Opcode Fuzzy Hash: 0ebdc6dcb7ee6e18c9dad0276638baff6af6b106c2c92a71a78c7b379038b05a
                                          • Instruction Fuzzy Hash: B3E0C2303A22098BCB08AE79E4A54397799EF502193101DADB40E9A6C3DE62D803C500
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 98e63ece8137feb5e03bae3bb95f17816f6d1e9d3f55bd883a4a31743629a2f3
                                          • Instruction ID: 0651e035bd993e96df171b6fdb976367a707689869f5fd06cd2dd7e07565ebb9
                                          • Opcode Fuzzy Hash: 98e63ece8137feb5e03bae3bb95f17816f6d1e9d3f55bd883a4a31743629a2f3
                                          • Instruction Fuzzy Hash: 1DE0DF3260030147D615A76DE884A8BBBA2FFC0610B448A2FE5198B264EF655C4287D0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 07a7d27a381e39f65467ad3d838f5a0d85aabf09fca8249a29805c696d973a62
                                          • Instruction ID: 7caef63844fd3c66603d4b8b35d49efafff7426b0a2597c537191d0b93678823
                                          • Opcode Fuzzy Hash: 07a7d27a381e39f65467ad3d838f5a0d85aabf09fca8249a29805c696d973a62
                                          • Instruction Fuzzy Hash: 3CE04F317107009FD758DB6CE844A5977F9FF48210B18556AF50AC7262EBA4EC018A80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b8bdb4854b15988d8d4efffb4b66ff5fa9ec74956d5c2491172188dc1296b92b
                                          • Instruction ID: a65656c58ea8382147b516639eaf1e8d82667890ff3786791cb3c4a51aa8b80d
                                          • Opcode Fuzzy Hash: b8bdb4854b15988d8d4efffb4b66ff5fa9ec74956d5c2491172188dc1296b92b
                                          • Instruction Fuzzy Hash: BCE02630200A15D7EF2023B9E80978E7FD5EF46312F081528E602A3AD2CE6A98434391
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 36ddaca1637782a4150e680d64589fb10510bed0bca0174854724fe72abcd6bb
                                          • Instruction ID: 4f11081231f060f8295d2204a2f75cabe738873f3beba1e2269291b5c9112a0c
                                          • Opcode Fuzzy Hash: 36ddaca1637782a4150e680d64589fb10510bed0bca0174854724fe72abcd6bb
                                          • Instruction Fuzzy Hash: 35D0C75271116113D54421BCF886BED4756C7CA791F59827AE504DF7C5C8544D434391
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a3656a4537e74a953ac4a6ef7641f352e8bfac644db73f24fa6df7494385dbf
                                          • Instruction ID: dc93a8a2ee62fcd5c246a500d4757596b8b89fe23236fd6a38e24222e5220ccd
                                          • Opcode Fuzzy Hash: 3a3656a4537e74a953ac4a6ef7641f352e8bfac644db73f24fa6df7494385dbf
                                          • Instruction Fuzzy Hash: 65E08C30A00209EFCB04FFA6EA0099D7BB9FB94604B208298D804E7354EB326E00DB51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a054d32cbf07a83255a52f4780ae568b5bc983463d1e08d3a9f863684d99c7a9
                                          • Instruction ID: 62d60e3d07b2a952f7d9aa559baf6b7a36ca4a39b791722f3736c2578995e182
                                          • Opcode Fuzzy Hash: a054d32cbf07a83255a52f4780ae568b5bc983463d1e08d3a9f863684d99c7a9
                                          • Instruction Fuzzy Hash: F4D05E313147149FC72CDB1CE840C5AB7EAEF8831032496ADF10AC7761DAA0FC058B94
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e1eacdd4b9b91914f3aea5c9ebbefc60330b1ad61fcb3a603b3c2b346c27699
                                          • Instruction ID: 76ed2d16f3ca3c04e5a884306d97888585dde6511806b80ab48c0f46a268da3f
                                          • Opcode Fuzzy Hash: 7e1eacdd4b9b91914f3aea5c9ebbefc60330b1ad61fcb3a603b3c2b346c27699
                                          • Instruction Fuzzy Hash: 3DE09AB0D4020A9FD780DFB9C50565EBBF0AB08610F11856AD015E7251E77495058F91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 897b754cbad0888c765666df92ce8ea3b6b96a90c362a9045784b1a801ea8375
                                          • Instruction ID: 8ac04f4840f036d6fedef0bc70c400a8bb13002d13b5e2a477ee89c1c2c0b490
                                          • Opcode Fuzzy Hash: 897b754cbad0888c765666df92ce8ea3b6b96a90c362a9045784b1a801ea8375
                                          • Instruction Fuzzy Hash: 5DD0C230210A05CBEB2567BAE40869E7FD9EF45212F041429E606A36A2DEB9A84247C0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e8902cf5c5d76c657bf0050b30574bbd478c7f1aeee298da9b3766d3c9c0a8fe
                                          • Instruction ID: 32ba5227f5fa16f609e66948679be45b3d33f8cc7f5f7ae57abfdcbb5833c72b
                                          • Opcode Fuzzy Hash: e8902cf5c5d76c657bf0050b30574bbd478c7f1aeee298da9b3766d3c9c0a8fe
                                          • Instruction Fuzzy Hash: A3E01770D1524CEFCB84EFB8E44979CBBF4EB08211F1042AD9848A3345E7709A90CB95
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1f5c3b2a6a586f90c1da22d360b72ca318da3ca553f0fea49f15252a8a550f14
                                          • Instruction ID: 644a708ee905ae996f851e9e26a9e502b4d51e9188e2da5d478a20e29cf6a6ca
                                          • Opcode Fuzzy Hash: 1f5c3b2a6a586f90c1da22d360b72ca318da3ca553f0fea49f15252a8a550f14
                                          • Instruction Fuzzy Hash: 33D02B71109348AFD7025FB4C800C11BFB8AF05204B0490C5F5444F163C132E812DB51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fe7f1d7d5a0b1b448de4477b3d584d625f423b38247a7c4e405baf5ba8653711
                                          • Instruction ID: a5be7b14da4ce1fda4aa07470e6b6de4a7331340964c781957e5fb08a32d1149
                                          • Opcode Fuzzy Hash: fe7f1d7d5a0b1b448de4477b3d584d625f423b38247a7c4e405baf5ba8653711
                                          • Instruction Fuzzy Hash: AAD080313403154BC7147978D45775637985F14504F044278D109DFB43DA62D4038551
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 693b5102d09ca518e913e9f19523697b91e0d79b436627cd7e2b680732ed128b
                                          • Instruction ID: 96ebe5a6d5dcf83e9716b95065dfa1c3cec85314e72a88905dd8514fd3b46b0d
                                          • Opcode Fuzzy Hash: 693b5102d09ca518e913e9f19523697b91e0d79b436627cd7e2b680732ed128b
                                          • Instruction Fuzzy Hash: E2D012312006144FD744AB28D457FD937A8EB06644F4845F4E619CF762DA15DC464651
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c8f05860f32f332e613ab54b11b896b0cb4dedca80416d22d29cc6526560da4
                                          • Instruction ID: cc91840189ae2051fabb6c41250334e8210c789d7380df87a734f1494b5f33de
                                          • Opcode Fuzzy Hash: 1c8f05860f32f332e613ab54b11b896b0cb4dedca80416d22d29cc6526560da4
                                          • Instruction Fuzzy Hash: B1C08CDB84801881A71007E0694202012A0C1B22A5788548FB05C87F09E404C25A7004
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d02a65623f522d605a90b9a8a0e2ab267ed26e6f2c1ec47214568b2ac27fc09f
                                          • Instruction ID: 749747f94f3a7505c27083b9aedb07c5dba850120ba5d4182ff66ba875ad8c87
                                          • Opcode Fuzzy Hash: d02a65623f522d605a90b9a8a0e2ab267ed26e6f2c1ec47214568b2ac27fc09f
                                          • Instruction Fuzzy Hash: A1D05EB5C06389CFCF12AB71E4083143F60AF46314F044299D400CA466E6A98949CF02
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6398ff16e2c56b64689a3c4e05b778f5d0304970aa418c4fdc3c8f9b145a9be9
                                          • Instruction ID: 4b3d12ecc5443e06e85628ba9acfb1ab6e2139ff4460fa2b67fee783ef205587
                                          • Opcode Fuzzy Hash: 6398ff16e2c56b64689a3c4e05b778f5d0304970aa418c4fdc3c8f9b145a9be9
                                          • Instruction Fuzzy Hash: AAC01236250208AFDB80AAD8C800D56B76DAB08610F90A200BA084A282C272E8629BA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 98f2e29b9ca48c2d47054bb02340b619e68e46ff4339649c240f91a28161b7ed
                                          • Instruction ID: 4791d84612338519b725f416fff556aace1c7cce9be2fd5f3227284a57cdd52f
                                          • Opcode Fuzzy Hash: 98f2e29b9ca48c2d47054bb02340b619e68e46ff4339649c240f91a28161b7ed
                                          • Instruction Fuzzy Hash: 62C02B30086308CFC3102794F90D3243378EB40302F00427CD50C4145B4FB044A0C6F9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093292635.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5200000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 585a8915f648b3656244af7a9e6aead64875a74b77a0d46a33b8d51c7f2a5a5a
                                          • Instruction ID: c5223c045dc8167aad448a208165aa1efa24f2eb546048f8b1cef5c283c171ed
                                          • Opcode Fuzzy Hash: 585a8915f648b3656244af7a9e6aead64875a74b77a0d46a33b8d51c7f2a5a5a
                                          • Instruction Fuzzy Hash: A3C048302446088FC744EB68D459A6873E8AB49604B4908F4A20E8B322EA65AC448A44
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c068ccf5052e9144a3a0a94fb4f27f8e6e7313a6d17ef0644ad1402db5b4993a
                                          • Instruction ID: c255eae7712d0305060b2a7d0e62a0228f710c91dcf811c1d10786907c51c65f
                                          • Opcode Fuzzy Hash: c068ccf5052e9144a3a0a94fb4f27f8e6e7313a6d17ef0644ad1402db5b4993a
                                          • Instruction Fuzzy Hash: 5EB0122F2A5259E7A2456A6CC88C83ABDA2EBB9700B40EC0D378811040C870C568F12B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72a4176ee03ab6f3ecc9088b126d2ad80af53b13bb9bcd45ef09d9b2d96a3d82
                                          • Instruction ID: b7a4b1294f98639f769b13540f13be0571f71a63787543dcabc3c94ff25a356e
                                          • Opcode Fuzzy Hash: 72a4176ee03ab6f3ecc9088b126d2ad80af53b13bb9bcd45ef09d9b2d96a3d82
                                          • Instruction Fuzzy Hash: 80B0923A1100806AD6826F54C811E00BEE2EF95608308809C90C096131C91290249752
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1486ae01b9617398ed836ed468bef0b5660aadf1185edb5448fbc6d6d4b32b27
                                          • Instruction ID: bda134714101ac6a642b4c7be90a2306eca9e053b2983aac47c9bf196dcc6f49
                                          • Opcode Fuzzy Hash: 1486ae01b9617398ed836ed468bef0b5660aadf1185edb5448fbc6d6d4b32b27
                                          • Instruction Fuzzy Hash: 6BA022E33A022002F20CB0A0C80AAA0220282FE308300A000A30820200C80080A2803A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 85c6767c00a5ea732aaeae05bfe692f3f0285fd772b1a5bffcb866468589cc3a
                                          • Instruction ID: c507fa409b0a3d3c0bbd952be08337e66a6d1625afa1103b562c3eee9116245c
                                          • Opcode Fuzzy Hash: 85c6767c00a5ea732aaeae05bfe692f3f0285fd772b1a5bffcb866468589cc3a
                                          • Instruction Fuzzy Hash: E690023505460C8B464027D5B40A5567B5DA544615F848465F90D49501AE5564146595
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093933718.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6dc0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fcc35ab84597de83f28e672b0c6acb08815081fb862c09fe420dcd8ae2f99e53
                                          • Instruction ID: c6cdd35676338ad45568e9c2253d74577aa5bd3433b76dd7aec22afcd04f6ab9
                                          • Opcode Fuzzy Hash: fcc35ab84597de83f28e672b0c6acb08815081fb862c09fe420dcd8ae2f99e53
                                          • Instruction Fuzzy Hash: D9A0017480A24AAFE7504A519008268BA71AB09729F408159A462927468B788184AE41
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 121424e53dfd3d47f7e363720fa5ded99758c8479f784c5835aaa59c6f3545f2
                                          • Instruction ID: 30a2a7b47f97bb973d1f0f5c87c6e47efa5fc476a2fa475b0a61d1e944cab951
                                          • Opcode Fuzzy Hash: 121424e53dfd3d47f7e363720fa5ded99758c8479f784c5835aaa59c6f3545f2
                                          • Instruction Fuzzy Hash: 68E12934A00209DFDF45EBF9C844AAEBBB2FB88301F108169E915A7759CB75ED42CB51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6973499d8e9c568258e3aa0fc32bf7a3497c6da4046eeb4a963d5c71681fc182
                                          • Instruction ID: d29b425e51cc5b4f8a605ea01d695440d4e51bc16d5336c90f238ddf05168cbf
                                          • Opcode Fuzzy Hash: 6973499d8e9c568258e3aa0fc32bf7a3497c6da4046eeb4a963d5c71681fc182
                                          • Instruction Fuzzy Hash: 0AD1AC30B016448FDB29DB79C854BAEBBF6AF89302F1484AED146DB794CB35D902CB51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2093218515.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5130000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ab6930827775f9b36cda15a91d7e0ffff22eb1bdaa13fcae2bf15de192e1d420
                                          • Instruction ID: acd1f98323eb48d86d31616afb30308c87ced69c7ee79fe9513e61e5d4549fd0
                                          • Opcode Fuzzy Hash: ab6930827775f9b36cda15a91d7e0ffff22eb1bdaa13fcae2bf15de192e1d420
                                          • Instruction Fuzzy Hash: 011274B06017858AE736CF6DF94C1893BB1BB45318F90430AD2656F2E9DBB8154BCFA4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 181352bac43921989749c78b9d685b0c6b6a47da6c9f73dd980b810563b7bcf4
                                          • Instruction ID: 593ecb4e7c351a64b4c3a5ff948d20a6eaf7947e9dce3a4c95dc91d42aa62aef
                                          • Opcode Fuzzy Hash: 181352bac43921989749c78b9d685b0c6b6a47da6c9f73dd980b810563b7bcf4
                                          • Instruction Fuzzy Hash: 6CE11974E002598FCB14DFA9C590AAEFBB2FF88305F248269D814A7359D771AD42CF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dbb8e9a87e28a029165cf5f85a0631b93638469d26f24c29091edfd66e0525e2
                                          • Instruction ID: 211ec36e602c206350c1d132208ebee54f4cde5f4581c5f5ebc81e165a8cbad6
                                          • Opcode Fuzzy Hash: dbb8e9a87e28a029165cf5f85a0631b93638469d26f24c29091edfd66e0525e2
                                          • Instruction Fuzzy Hash: 70E1EA74E002598FDB14DFA9C590AAEFBB2FF89305F248269D414AB359D770AD42CF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4fdb5b21c96ce15ecbad5d905e02439615bc41df1aada26026a5ab6a9df01af2
                                          • Instruction ID: ef81522e1f699b7ee55f32b835ce5f881532689d04d6f5c6cedc3fa5c9ccdcf4
                                          • Opcode Fuzzy Hash: 4fdb5b21c96ce15ecbad5d905e02439615bc41df1aada26026a5ab6a9df01af2
                                          • Instruction Fuzzy Hash: 36E12A74E002598FDB14DFA9C590AAEFBB2FF89305F248259D814A7359C770AD82CF64
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 99ff34043c19e432e21ab8688157fbe0c2a5c3990c67b5a8c9dafa767a6b7199
                                          • Instruction ID: c9ee1a06387b193f0e0a2c78b09d2e9c7616498543c5c3fead9bd885698d2b95
                                          • Opcode Fuzzy Hash: 99ff34043c19e432e21ab8688157fbe0c2a5c3990c67b5a8c9dafa767a6b7199
                                          • Instruction Fuzzy Hash: 73E1FB74E002598FDB14DFA9C590AAEFBB2FF89305F248259D814AB359D770AD42CF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e863bf5ede1c676fda11a392bb1c84165bb05ebb01d5f0e7c01664da188b781
                                          • Instruction ID: acc01f88b31d60f67c031cf460345e0665f410f4861024961763a30a1de937e1
                                          • Opcode Fuzzy Hash: 7e863bf5ede1c676fda11a392bb1c84165bb05ebb01d5f0e7c01664da188b781
                                          • Instruction Fuzzy Hash: F7E1E974E002598FDB14DFA9C590AAEBBB2FF89305F248269D414E7359D770AD42CFA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2090761165.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1270000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 34b9025341c84b2269e414cce289fcd5fb13c57a3a167c85b3e6f54d1a527a99
                                          • Instruction ID: 7927cfc478cec5c0bb5a7a47c41262ee94bc132ffdcfbe445158fdbb7d28db91
                                          • Opcode Fuzzy Hash: 34b9025341c84b2269e414cce289fcd5fb13c57a3a167c85b3e6f54d1a527a99
                                          • Instruction Fuzzy Hash: B0A1A232E24216CFCF15DFB8D9449AEBBB2FF85300B15816AE911BB265DB71D906CB40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2094808268.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_88c0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fa1208ba7adcafb8f75be654429bd8c6c3c0455f9926d2ce831acebd91078541
                                          • Instruction ID: 237ea62cae653674a4adf383346f8b4a43174ba450fabb8cf450ee1a1c2d6221
                                          • Opcode Fuzzy Hash: fa1208ba7adcafb8f75be654429bd8c6c3c0455f9926d2ce831acebd91078541
                                          • Instruction Fuzzy Hash: 9F21EB71E456189BEB18CF6BC8007EABAF7AFC9305F04C0BEC50DA6259EB3449858E51

                                          Execution Graph

                                          Execution Coverage:11.4%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:1.7%
                                          Total number of Nodes:173
                                          Total number of Limit Nodes:21

                                          Control-flow Graph

                                          control_flow_graph 968 ee70e0-ee7164 CheckRemoteDebuggerPresent 970 ee716d-ee71a8 968->970 971 ee7166-ee716c 968->971 971->970
                                          APIs
                                          • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 00EE7157
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3327131634.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ee0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: CheckDebuggerPresentRemote
                                          • String ID:
                                          • API String ID: 3662101638-0
                                          • Opcode ID: 5db3ad1396e68d792dcfc5daeb0c81779182fbf478778748b84302ecc074e702
                                          • Instruction ID: 03ec01c1c3689225f899a8e68338775ef207dd766efda3826d8776dac00e94f8
                                          • Opcode Fuzzy Hash: 5db3ad1396e68d792dcfc5daeb0c81779182fbf478778748b84302ecc074e702
                                          • Instruction Fuzzy Hash: 882125B280125ACFDB10CF9AD884BEEBBF4AF48320F14845AE459B3351D778A944CF61

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 06293D16
                                          • GetCurrentThread.KERNEL32 ref: 06293D53
                                          • GetCurrentProcess.KERNEL32 ref: 06293D90
                                          • GetCurrentThreadId.KERNEL32 ref: 06293DE9
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345633853.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6290000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: cc6a72157e8cc7bb5d572d71e84ba31add2fd13fc55e4547cc7c034fd593e2e4
                                          • Instruction ID: 804d51c1d63d2b90e01b516e11a46d480678ca6219d9248724a8086a77aad669
                                          • Opcode Fuzzy Hash: cc6a72157e8cc7bb5d572d71e84ba31add2fd13fc55e4547cc7c034fd593e2e4
                                          • Instruction Fuzzy Hash: 785145B091134A8FDB54CFA9D948BAEBBF1EF88314F208459E809A7350D7B45984CF65

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 06293D16
                                          • GetCurrentThread.KERNEL32 ref: 06293D53
                                          • GetCurrentProcess.KERNEL32 ref: 06293D90
                                          • GetCurrentThreadId.KERNEL32 ref: 06293DE9
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345633853.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6290000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: 6848a6c5b07fe4760579e2755d1ed5ffe64e4d7b9e6f0051863582cd97f4adc2
                                          • Instruction ID: b96f5e197c985675957d1f50020a1ae698f8a41e9e85ee8393e473db1767920a
                                          • Opcode Fuzzy Hash: 6848a6c5b07fe4760579e2755d1ed5ffe64e4d7b9e6f0051863582cd97f4adc2
                                          • Instruction Fuzzy Hash: CD5156B091034A8FDB54CFA9D948B9EBBF1FF88314F208459E809A7350DBB45984CF65

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 44 6ab36f0 45 6ab36f5-6ab375a OleInitialize 44->45 46 6ab375c-6ab3762 45->46 47 6ab3763-6ab3780 45->47 46->47
                                          APIs
                                          • OleInitialize.OLE32(00000000), ref: 06AB374D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3347017128.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6ab0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: Initialize
                                          • String ID: W
                                          • API String ID: 2538663250-655174618
                                          • Opcode ID: 2a1dd6d993928f59ca8cc71105c3265e94f13ec87d7480d2637d959c3fbcd935
                                          • Instruction ID: e0f2cc835043d8cb0028992e189dfcea574249ebc546c8597a0dfc6d11e119cd
                                          • Opcode Fuzzy Hash: 2a1dd6d993928f59ca8cc71105c3265e94f13ec87d7480d2637d959c3fbcd935
                                          • Instruction Fuzzy Hash: EE1130B1D00349CFDB10DF9AC5847CEBBF4AF48324F20855AD528A3250C3B8A980CFA4

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 858 629c5a8-629c5c7 860 629c5c9-629c5d6 call 629b54c 858->860 861 629c5f3-629c5f7 858->861 867 629c5d8 860->867 868 629c5ec 860->868 863 629c5f9-629c603 861->863 864 629c60b-629c64c 861->864 863->864 870 629c659-629c667 864->870 871 629c64e-629c656 864->871 915 629c5de call 629c850 867->915 916 629c5de call 629c842 867->916 868->861 872 629c669-629c66e 870->872 873 629c68b-629c68d 870->873 871->870 875 629c679 872->875 876 629c670-629c677 call 629b558 872->876 878 629c690-629c697 873->878 874 629c5e4-629c5e6 874->868 877 629c728-629c7e8 874->877 880 629c67b-629c689 875->880 876->880 910 629c7ea-629c7ed 877->910 911 629c7f0-629c81b GetModuleHandleW 877->911 881 629c699-629c6a1 878->881 882 629c6a4-629c6ab 878->882 880->878 881->882 883 629c6b8-629c6c1 call 62947e0 882->883 884 629c6ad-629c6b5 882->884 890 629c6ce-629c6d3 883->890 891 629c6c3-629c6cb 883->891 884->883 892 629c6f1-629c6fe 890->892 893 629c6d5-629c6dc 890->893 891->890 900 629c721-629c727 892->900 901 629c700-629c71e 892->901 893->892 895 629c6de-629c6ee call 6299d98 call 629b568 893->895 895->892 901->900 910->911 912 629c81d-629c823 911->912 913 629c824-629c838 911->913 912->913 915->874 916->874
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0629C80E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345633853.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6290000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: d1269019d142d3cae7d56ef128f29830c0b9bd525e003770fd0d56988578d68c
                                          • Instruction ID: 74db8df9e8687e1e7b20cd52c036049d12b50619c3a09e37536e085564b0b6ce
                                          • Opcode Fuzzy Hash: d1269019d142d3cae7d56ef128f29830c0b9bd525e003770fd0d56988578d68c
                                          • Instruction Fuzzy Hash: 90814870A10B068FDBA4DF29D54476ABBF1FF88304F10892DD896DBA50DB74E845CBA1

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 917 629e784-629e7f6 919 629e7f8-629e7fe 917->919 920 629e801-629e808 917->920 919->920 921 629e80a-629e810 920->921 922 629e813-629e84b 920->922 921->922 923 629e853-629e8b2 CreateWindowExW 922->923 924 629e8bb-629e8f3 923->924 925 629e8b4-629e8ba 923->925 929 629e900 924->929 930 629e8f5-629e8f8 924->930 925->924 931 629e901 929->931 930->929 931->931
                                          APIs
                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0629E8A2
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345633853.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6290000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID:
                                          • API String ID: 716092398-0
                                          • Opcode ID: 7b4317a94b0e22e011820c5fdfd0241166f39159f848f247adb6faa55dc2cc17
                                          • Instruction ID: d7713a7d8c7c11e5c98496c746cb350a950bc2ffc1489b4426e9574afe36647a
                                          • Opcode Fuzzy Hash: 7b4317a94b0e22e011820c5fdfd0241166f39159f848f247adb6faa55dc2cc17
                                          • Instruction Fuzzy Hash: F251C2B1D103499FDF14CF99C884ADEBFB5BF88350F64852AE818AB210D7719845CF90

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 932 629e790-629e7f6 933 629e7f8-629e7fe 932->933 934 629e801-629e808 932->934 933->934 935 629e80a-629e810 934->935 936 629e813-629e8b2 CreateWindowExW 934->936 935->936 938 629e8bb-629e8f3 936->938 939 629e8b4-629e8ba 936->939 943 629e900 938->943 944 629e8f5-629e8f8 938->944 939->938 945 629e901 943->945 944->943 945->945
                                          APIs
                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0629E8A2
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345633853.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6290000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID:
                                          • API String ID: 716092398-0
                                          • Opcode ID: b349eec69c4330f3cf0f7889b51f907700f8b1fe0ba51a6059bd382d2829a14d
                                          • Instruction ID: 298a2a18b1b4b06c3eb74f1b5fcfb4d8c99a407bb09258a42f432893829b8892
                                          • Opcode Fuzzy Hash: b349eec69c4330f3cf0f7889b51f907700f8b1fe0ba51a6059bd382d2829a14d
                                          • Instruction Fuzzy Hash: AA41B0B1D10349DFDF14CF99C884ADEBBB5BF88350F25822AE818AB210D775A845CF90

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 946 6ab1080-6ab10bc 947 6ab116c-6ab118c 946->947 948 6ab10c2-6ab10c7 946->948 954 6ab118f-6ab119c 947->954 949 6ab111a-6ab1152 CallWindowProcW 948->949 950 6ab10c9-6ab1100 948->950 952 6ab115b-6ab116a 949->952 953 6ab1154-6ab115a 949->953 957 6ab1109-6ab1118 950->957 958 6ab1102-6ab1108 950->958 952->954 953->952 957->954 958->957
                                          APIs
                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 06AB1141
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3347017128.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6ab0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: CallProcWindow
                                          • String ID:
                                          • API String ID: 2714655100-0
                                          • Opcode ID: f7b5abaaca8dc4a8f69c60150ad63b0985063e5266a9881c00d56dbe1c10f06b
                                          • Instruction ID: 03a710aad04d6b0a68e649d9ce0b2a3b6b4227e58e78cbe66ac3bbd002052aa7
                                          • Opcode Fuzzy Hash: f7b5abaaca8dc4a8f69c60150ad63b0985063e5266a9881c00d56dbe1c10f06b
                                          • Instruction Fuzzy Hash: 694138B5A00309CFDB54DF99D848AAABBF9FF88314F24C458D518AB321D375A841CFA0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 960 ee70d8-ee70dc 961 ee70de-ee7164 CheckRemoteDebuggerPresent 960->961 962 ee70cf-ee70d7 960->962 964 ee716d-ee71a8 961->964 965 ee7166-ee716c 961->965 962->960 965->964
                                          APIs
                                          • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 00EE7157
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3327131634.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ee0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: CheckDebuggerPresentRemote
                                          • String ID:
                                          • API String ID: 3662101638-0
                                          • Opcode ID: f449da5c6675b26f9d46693c465c2b01f3333eeb7e1ffd83b95d7d90cdacf4f6
                                          • Instruction ID: e1df9902159d816d25d0d37e0dfc77638355725f65f3e3954446a86dcd7e1eda
                                          • Opcode Fuzzy Hash: f449da5c6675b26f9d46693c465c2b01f3333eeb7e1ffd83b95d7d90cdacf4f6
                                          • Instruction Fuzzy Hash: 2D2157718053998FDB11CFAAD8807EEBFF0AF4A310F14845AD485F7251C778A945CB61

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 974 6293ed8-6293edf 975 6293ee0-6293f74 DuplicateHandle 974->975 976 6293f7d-6293f9a 975->976 977 6293f76-6293f7c 975->977 977->976
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06293F67
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345633853.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6290000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 72f29536a1ec519e79c3096e72170eaef945e6aa2b656900eca4c6c119b3f75f
                                          • Instruction ID: d5e462224b4f4993b4595d9b92f1c14a9e61547904aa916738920bb3f02e4718
                                          • Opcode Fuzzy Hash: 72f29536a1ec519e79c3096e72170eaef945e6aa2b656900eca4c6c119b3f75f
                                          • Instruction Fuzzy Hash: B921E5B5D002499FDB10CFAAD984ADEBBF5FB48314F14801AE915A3310D374A950CFA1

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 980 eef64f-eef6dc GlobalMemoryStatusEx 983 eef6de-eef6e4 980->983 984 eef6e5-eef70d 980->984 983->984
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE ref: 00EEF6CF
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3327131634.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ee0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: GlobalMemoryStatus
                                          • String ID:
                                          • API String ID: 1890195054-0
                                          • Opcode ID: ffdba42fdd26b901bd4fba9aa467bc7811db08e9715b29f611df37a601f442d8
                                          • Instruction ID: 29acd956c7dec9ba21694f6fde4281877585d67e30bad8c81d21fe70d8fdfb64
                                          • Opcode Fuzzy Hash: ffdba42fdd26b901bd4fba9aa467bc7811db08e9715b29f611df37a601f442d8
                                          • Instruction Fuzzy Hash: 91214AB1C0429A9FDB10CFAAC4447DEFBF4AF48314F14826AD518B7251D3789955CFA1

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 987 6293ee0-6293f74 DuplicateHandle 988 6293f7d-6293f9a 987->988 989 6293f76-6293f7c 987->989 989->988
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06293F67
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345633853.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6290000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 307899d700f49352de85b154fd165ce1568803fd3d74c09b2d5a689d6c513c31
                                          • Instruction ID: 11ef0afc2db33979eea9b7b79818c89c3a6cd69c8b8ef208c528cd23b9fd456d
                                          • Opcode Fuzzy Hash: 307899d700f49352de85b154fd165ce1568803fd3d74c09b2d5a689d6c513c31
                                          • Instruction Fuzzy Hash: B921C4B5D00249DFDB10CFAAD984ADEBBF5FB48324F14841AE914A3350D374A954CF65

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 992 ee8939-ee898a 994 ee898c-ee898f 992->994 995 ee8992-ee89bd DeleteFileW 992->995 994->995 996 ee89bf-ee89c5 995->996 997 ee89c6-ee89ee 995->997 996->997
                                          APIs
                                          • DeleteFileW.KERNELBASE(00000000), ref: 00EE89B0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3327131634.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ee0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: DeleteFile
                                          • String ID:
                                          • API String ID: 4033686569-0
                                          • Opcode ID: 2bc4ea40a61de76919dc9fbb01b91df36e37f566c69db580c44a404895f00949
                                          • Instruction ID: 01be8ef30bb3dfdb0fa13e195738a2201666d26b50dbdc44fa4eb8f7ef16bf5c
                                          • Opcode Fuzzy Hash: 2bc4ea40a61de76919dc9fbb01b91df36e37f566c69db580c44a404895f00949
                                          • Instruction Fuzzy Hash: E02127B1C0065A9FCB10CFAAC545BEEFBB0BF88720F14811AD958B7241D779A945CFA1
                                          APIs
                                          • DeleteFileW.KERNELBASE(00000000), ref: 00EE89B0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3327131634.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ee0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: DeleteFile
                                          • String ID:
                                          • API String ID: 4033686569-0
                                          • Opcode ID: 240cf415c537ceb55b262823bb0cfc3db4eb947e383a2f76b355e067bfb9a37b
                                          • Instruction ID: 2dfd9c2efc3882cccb1e412cee9588f696c7875d58ef367fe46e9337d407e070
                                          • Opcode Fuzzy Hash: 240cf415c537ceb55b262823bb0cfc3db4eb947e383a2f76b355e067bfb9a37b
                                          • Instruction Fuzzy Hash: 091136B1C0065A9FCB10CF9AC5447AEFBB4BF88720F10812AD918B7241D778A940CFA5
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0629C889,00000800,00000000,00000000), ref: 0629CA7A
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345633853.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6290000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: c74b8eb1acecc5d7abbaab5f84c39f89b2903524205300653d4039b6c39daa88
                                          • Instruction ID: 69ecb8b8448b14f967cd05ce2f7ccb2ee689ec0b4e9ccd82c61c7bfec00681c7
                                          • Opcode Fuzzy Hash: c74b8eb1acecc5d7abbaab5f84c39f89b2903524205300653d4039b6c39daa88
                                          • Instruction Fuzzy Hash: 5011D3B6D043499FDB10CF9AC444BDEFBF4AB88320F10842AE919A7200C3B9A545CFA5
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE ref: 00EEF6CF
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3327131634.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ee0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: GlobalMemoryStatus
                                          • String ID:
                                          • API String ID: 1890195054-0
                                          • Opcode ID: 5fed37b4b8bedded0c9f679a02d4fe4eb1a852d8f098157b89e72713a018e61b
                                          • Instruction ID: 361d1bdfcbcc4cc8c06e24ea4a0dc8c7d342ff22575648bc73d235d77b564c53
                                          • Opcode Fuzzy Hash: 5fed37b4b8bedded0c9f679a02d4fe4eb1a852d8f098157b89e72713a018e61b
                                          • Instruction Fuzzy Hash: 531114B1C0065A9BDB10CF9AC44479EFBF4AF48324F10812AD918B7240D3B8A950CFA5
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0629C889,00000800,00000000,00000000), ref: 0629CA7A
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345633853.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6290000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: d0d02160903cff8002e2d732506b302be9fd31c58da583fad93f8af4bf8121b1
                                          • Instruction ID: 4bb34adcad09707713f3a08f8a48d816c0f0b801157179e2202dc3ee9adad366
                                          • Opcode Fuzzy Hash: d0d02160903cff8002e2d732506b302be9fd31c58da583fad93f8af4bf8121b1
                                          • Instruction Fuzzy Hash: BC1114B6D002498FDB10CF9AD444BDEFBF5AF88310F14842AD959A7200C375A545CFA5
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0629C80E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345633853.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6290000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: 15d376a6d037ad5e2903ace5961857372929a12f569d188eddc47cfe41a54a58
                                          • Instruction ID: 1f71b0bda20d12122f27aa94e8c45ec2d8f9e0502b5ebc56f3d736856047a4f8
                                          • Opcode Fuzzy Hash: 15d376a6d037ad5e2903ace5961857372929a12f569d188eddc47cfe41a54a58
                                          • Instruction Fuzzy Hash: 9A11DFB6D006498FDB14CF9AC844BDEFBF5AF88224F10842AD819B7210D379A545CFA1
                                          APIs
                                          • OleInitialize.OLE32(00000000), ref: 06AB374D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3347017128.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6ab0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID: Initialize
                                          • String ID:
                                          • API String ID: 2538663250-0
                                          • Opcode ID: 8d3ba32876b62d1fb2af26fea9dddd2cab26997f5e191bdd3e5a18c91a9310b5
                                          • Instruction ID: 66d61c8fe89e1cb8b1c4d7592e02f500ae6496a4d9e09fd254f90683342fccc5
                                          • Opcode Fuzzy Hash: 8d3ba32876b62d1fb2af26fea9dddd2cab26997f5e191bdd3e5a18c91a9310b5
                                          • Instruction Fuzzy Hash: 901133B1900349CFDB10DF9AC584BDEBBF8EF48320F208459D518A7200C3B8A940CFA5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: |
                                          • API String ID: 0-2343686810
                                          • Opcode ID: e5925706b8557fab779153b05d7ba0e3196dad11dd7419efaa5173b34db4854e
                                          • Instruction ID: 48dc928de9975dac6c8dff49c0c6da94a65b4eb84275d333d973f96887d927a1
                                          • Opcode Fuzzy Hash: e5925706b8557fab779153b05d7ba0e3196dad11dd7419efaa5173b34db4854e
                                          • Instruction Fuzzy Hash: C521A171F142548FDB54DB78E8057ADBBF1EF49710F0484AAEA09DB3A2DB359900CB41
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: |
                                          • API String ID: 0-2343686810
                                          • Opcode ID: c19702ed1951762e88125e023de78209f71ddba2d9491dd42a0f0463f079d400
                                          • Instruction ID: 03c845394731adce0481f7dbab1dc4ff16906126a20aa411c04c8fdfbccdd655
                                          • Opcode Fuzzy Hash: c19702ed1951762e88125e023de78209f71ddba2d9491dd42a0f0463f079d400
                                          • Instruction Fuzzy Hash: 1D114C70B102149FDB44DB789805BADBBF5AF48740F108469EA0AE7390DA75A900CB80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c4b858605a80cffbeef29f9c003b8bdf599eca76ee44fd8067f27974fb45e3c
                                          • Instruction ID: 128511db04f2c984e8f920fc50710455c124ce7e4e0aff019cff45c691d58110
                                          • Opcode Fuzzy Hash: 1c4b858605a80cffbeef29f9c003b8bdf599eca76ee44fd8067f27974fb45e3c
                                          • Instruction Fuzzy Hash: 3D318270E21206DBDB19DF68D8946EEB7B2FF89340F148919E816E7341DB71AD41CB50
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 62d07d39b889a6f9fcbcdc6551daca96aee3e79b752821d6af96656b4c574090
                                          • Instruction ID: 7d88f82494ea354ce31fe1760ec2f3ef1fe687327249974c08214da6048e97f3
                                          • Opcode Fuzzy Hash: 62d07d39b889a6f9fcbcdc6551daca96aee3e79b752821d6af96656b4c574090
                                          • Instruction Fuzzy Hash: 45217C35E112169FDB40DF69D880AEEBBF6EB48750F148029E905EB354EB31E8418B90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2ecd9568a9f1e2419e094c75d0b8173df06bfb560be6d59be41d83b3e1fa6825
                                          • Instruction ID: c52d4f8d9061da4ecde8f3bfcbfb2055ddc6ba5e040284612ce4367a1345dc41
                                          • Opcode Fuzzy Hash: 2ecd9568a9f1e2419e094c75d0b8173df06bfb560be6d59be41d83b3e1fa6825
                                          • Instruction Fuzzy Hash: D8217A75F112169FDB50DF69D880AEEB7F5FB48750F10802AE905EB354EB31E8418B90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3326329841.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d4d000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c3b94f0e176659782ab8c4d9ca0a1d41a7ff269f5d8a8cc05b7a39ba310884c7
                                          • Instruction ID: 2cd20e6fe14c1d70289b27b1be2c726d872a10367256fbd1e804752168eec00e
                                          • Opcode Fuzzy Hash: c3b94f0e176659782ab8c4d9ca0a1d41a7ff269f5d8a8cc05b7a39ba310884c7
                                          • Instruction Fuzzy Hash: C3212FB1604244EFCB14DF14D9C0B26BBA2FB84314F24C56DE94A0B292C37AD846CA72
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3326329841.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d4d000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0775756390550a6ccd495c4cc6c71d07f868e049119e6c183b84af84f3d0abd7
                                          • Instruction ID: 4fcea5cd00bca5c84a43bd49349038d520bbcdffe702811d5f533b6a1ea110fa
                                          • Opcode Fuzzy Hash: 0775756390550a6ccd495c4cc6c71d07f868e049119e6c183b84af84f3d0abd7
                                          • Instruction Fuzzy Hash: F6213D7550D3C09FC713CB24C990715BF71AB46214F29C5EBD8898F6A7C23A984ACB62
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 891d880457467a7f14325eaf395b957f79ce5464b4a3b87ba03c9bbf8dba7cb4
                                          • Instruction ID: 9c97ff1978a02c901d73823e400c3698ae43814e0bd649d50a0d44864e88ac32
                                          • Opcode Fuzzy Hash: 891d880457467a7f14325eaf395b957f79ce5464b4a3b87ba03c9bbf8dba7cb4
                                          • Instruction Fuzzy Hash: F811A131B201298BDF58D67DDC506EEB3AAEBC8750B048539D806E7348EF64DC028BD0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3d34da0430e9a2d2be6abc046b3f547317538b7d7571c208a97261575e68f4f4
                                          • Instruction ID: b7696768ea28e3a69a1934e7c802ef28cf28e590583bb115828761f4babbd322
                                          • Opcode Fuzzy Hash: 3d34da0430e9a2d2be6abc046b3f547317538b7d7571c208a97261575e68f4f4
                                          • Instruction Fuzzy Hash: 1B012431F202124FDB6A967CD4617EE2BDADBCA750F168C6AE44ACB341DE54CC428391
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5b7661d2dddd22e9f4cd88d6061b85a53fb412cd669b155af07e195b4fb9a55
                                          • Instruction ID: 3771a71cc6fc64d80d1fef0624698e41ad6d42dd19e835e1a35d76669dd2e96d
                                          • Opcode Fuzzy Hash: d5b7661d2dddd22e9f4cd88d6061b85a53fb412cd669b155af07e195b4fb9a55
                                          • Instruction Fuzzy Hash: 0E01D432B200165BDB54D6ADDC50AEFB3EAEBC8750F058139D90AE7348EF649C0287D1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f0c461e19235b40aaa9cfe0bcd9333f4e555e4b1888a2bb89d60503691abcb9a
                                          • Instruction ID: e61efe16398696104b14903d0c8c6c7cd58c8b77a18b50a0d429ef1da34f29c0
                                          • Opcode Fuzzy Hash: f0c461e19235b40aaa9cfe0bcd9333f4e555e4b1888a2bb89d60503691abcb9a
                                          • Instruction Fuzzy Hash: A721EDB5D01619AFCB00CF9AD985BDEFBB4FF48314F10852AE918B7200C374A954CBA5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d9ecf0df82431f7e6c090139e35d9a88d12a2de405a840c95b3bb2b1b1874c5
                                          • Instruction ID: 8b334488ba58b45de80c79052fc3d90875e1ff48995422ac726dcbd88cc6bf7a
                                          • Opcode Fuzzy Hash: 9d9ecf0df82431f7e6c090139e35d9a88d12a2de405a840c95b3bb2b1b1874c5
                                          • Instruction Fuzzy Hash: F101FC31B205024BEB29DA6CD9107AFA3D6EFC8351F14982AE50ACB781EE21CC0243A1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3bad103f68f4a3f1c482e7b8d84d9a694fa0d6657fc5e3d4913691863dbeb34
                                          • Instruction ID: 9b195b2b49c2abf2148189b780842e6fc59d4355240c12167c7e826d38af6243
                                          • Opcode Fuzzy Hash: f3bad103f68f4a3f1c482e7b8d84d9a694fa0d6657fc5e3d4913691863dbeb34
                                          • Instruction Fuzzy Hash: 8801F231B201125BDB649A6CE895BDF73D5EBC9750F208838F90BC7340DA21DC4283C0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf60c511034cc16afbde65575eda5e11dbe5370f2d3e68d892c9db81540f4d59
                                          • Instruction ID: 8ee367d2530c668ec4beedcb347a79389a990f3455d126d2f0872aeb95685028
                                          • Opcode Fuzzy Hash: cf60c511034cc16afbde65575eda5e11dbe5370f2d3e68d892c9db81540f4d59
                                          • Instruction Fuzzy Hash: 9C11D0B1D01659AFDB00CF9AD884ADEFBB4FF48324F10812AE918B7200C374A954CFA5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aa965ca262ab46a0fbbc736ce95955fa87892adbe7b48cf19dc2faf9ed6da67e
                                          • Instruction ID: 75166cd05ea09dd4473509cf3ca8ca5112352819af48e86e1fdc6ad9defaecf0
                                          • Opcode Fuzzy Hash: aa965ca262ab46a0fbbc736ce95955fa87892adbe7b48cf19dc2faf9ed6da67e
                                          • Instruction Fuzzy Hash: 0101AD31B201124BEB68E96DD4417AFB3CAEBC9750F20983AE50AC7380EE61DC0243A0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f332b35e2717086e8bd554c30b8eaedbf3c919a2ca6cb6fd8daffa9f5e51d5b5
                                          • Instruction ID: e2644b73546793a229d36da8803beaf045a52de281b84edf0583479e2b33d519
                                          • Opcode Fuzzy Hash: f332b35e2717086e8bd554c30b8eaedbf3c919a2ca6cb6fd8daffa9f5e51d5b5
                                          • Instruction Fuzzy Hash: FE01F431F201124BEB69956DE451BAF77CADBC97A0F119839F50AC7340DE51DC024381
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ee361c1164ed504bc7a8ab942c1ecd9e3a8decfcf21e50f4b846e8c79febe24e
                                          • Instruction ID: f65a20ce4d2994f8bb7382757f764c23452a3a94048d6d1123a97315ee2a2c7a
                                          • Opcode Fuzzy Hash: ee361c1164ed504bc7a8ab942c1ecd9e3a8decfcf21e50f4b846e8c79febe24e
                                          • Instruction Fuzzy Hash: 4B018130B211125BDB65AA6CE891B9F77D5EBC9750F209828F50BC7344DE21DC4287C0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: df6c96b777237f7d63354c8985eafb07187cd665de5f286fd876ee5c1d6b8289
                                          • Instruction ID: 77a83b68421eb0349ee1f2d6aab116115764cf5b02320dca4e4e401f20d1d5b2
                                          • Opcode Fuzzy Hash: df6c96b777237f7d63354c8985eafb07187cd665de5f286fd876ee5c1d6b8289
                                          • Instruction Fuzzy Hash: 1AE0D877F311245BCB595578ED451DEB757EBC4251B114C36D905E7281D931881343C0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 056a65df5aa9f04c1281da9681227d8fc8852a5763509ccd8647a2132a7e869e
                                          • Instruction ID: 7819c63e60c99170d8932371b7a146846bc004de63caf86e0c963ef0913a91e9
                                          • Opcode Fuzzy Hash: 056a65df5aa9f04c1281da9681227d8fc8852a5763509ccd8647a2132a7e869e
                                          • Instruction Fuzzy Hash: F9F05836A24106DFEF649A54E9802FCB778FB443D1F185062DC0AA7555C3799982CB90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f4434e1475a49a2551654af2136e51139fbd196cc6ddc29f3b0936220efa3e1e
                                          • Instruction ID: 695caeb12aad62770366789b1d5960dd0e34a002f46a593b8257f87a859dcb44
                                          • Opcode Fuzzy Hash: f4434e1475a49a2551654af2136e51139fbd196cc6ddc29f3b0936220efa3e1e
                                          • Instruction Fuzzy Hash: E2F0FE30A20219DFDB54EF94E9A97EDBBB2FF44705F204529E802A7295CBB41D41CF91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5ce5b422148ab8b50f1746635fb89f4b829ac07b30d0f6560ca7fcaa1b3af7e1
                                          • Instruction ID: 950235ceedc0a897330b0830fc53a5ae0bf02fa625014c69d0aad7be9fb8e0d2
                                          • Opcode Fuzzy Hash: 5ce5b422148ab8b50f1746635fb89f4b829ac07b30d0f6560ca7fcaa1b3af7e1
                                          • Instruction Fuzzy Hash: 82E0DF71E289895FCFA0CAB4CA653DE7774FB42348F205CA6DC08DB282E236DD008380
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3345952435.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_62b0000_Reiven RFQ-27-05-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c88a1ca786dc6f927896c4a5ab5edd2dcd749d13f590f7bda480bd7325f50d2b
                                          • Instruction ID: d08e6342699b81bab495dd266e9ce1c1427c34cabc7c9c9087f7f066c296c094
                                          • Opcode Fuzzy Hash: c88a1ca786dc6f927896c4a5ab5edd2dcd749d13f590f7bda480bd7325f50d2b
                                          • Instruction Fuzzy Hash: 84E0C271E20109ABDF60CEB0C9057DEB3BDE701344F2088A4DC08C7241F172EA018380

                                          Execution Graph

                                          Execution Coverage:11.2%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:321
                                          Total number of Limit Nodes:27
39908->39909 39910 67fe84c GetCurrentThreadId 39909->39910 39910->39911 39911->39895 39913 67fe857 39912->39913 39914 67ffe8f GetCurrentThreadId 39913->39914 39915 67ffb68 39913->39915 39914->39915 39915->39903 40269 67f8000 FindCloseChangeNotification 40270 67f8067 40269->40270

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 00A4D0BE
                                          • GetCurrentThread.KERNEL32 ref: 00A4D0FB
                                          • GetCurrentProcess.KERNEL32 ref: 00A4D138
                                          • GetCurrentThreadId.KERNEL32 ref: 00A4D191
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244793634.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_a40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: 8705073a15bf2ac5a193a10fcdc030fbd1e328100916efbc2b9cfed6e2e8e255
                                          • Instruction ID: 55a17abbbe1a9c044f4b5605988d1f4f2581ae686f1e53db4182d1f4ea0a3406
                                          • Opcode Fuzzy Hash: 8705073a15bf2ac5a193a10fcdc030fbd1e328100916efbc2b9cfed6e2e8e255
                                          • Instruction Fuzzy Hash: B45155B09003498FDB54CFAAD988BDEBBF1EF88314F208559E409A73A0DB785945CB61

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 00A4D0BE
                                          • GetCurrentThread.KERNEL32 ref: 00A4D0FB
                                          • GetCurrentProcess.KERNEL32 ref: 00A4D138
                                          • GetCurrentThreadId.KERNEL32 ref: 00A4D191
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244793634.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_a40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: 294ef5cf519fb2b330b2aa0e6dc056a128107eeaa8acd4ec2feb742922257012
                                          • Instruction ID: 73ed92c197dc7c40d694dd2dba49bea3b1d369a492640a9a648124d3f725a389
                                          • Opcode Fuzzy Hash: 294ef5cf519fb2b330b2aa0e6dc056a128107eeaa8acd4ec2feb742922257012
                                          • Instruction Fuzzy Hash: F75157B0900349CFDB54DFAAD988B9EBBF1FF88314F208559E409A7360DB745944CB65

                                          Control-flow Graph

                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06BB54E6
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2257810254.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6bb0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: f14efbcd75aecdd259e9e0af7a7629cd6641425338f5bca660fd0bce1e530fd4
                                          • Instruction ID: 1dbb5ee9e7978ca9a6d225ab95f30cced59f4e142051e02aa740270f8fab6b86
                                          • Opcode Fuzzy Hash: f14efbcd75aecdd259e9e0af7a7629cd6641425338f5bca660fd0bce1e530fd4
                                          • Instruction Fuzzy Hash: 85A14CB1D002199FDF60CF68C8417EDBBB2FF48310F1495A9E909A7250DBB49985CF92

                                          Control-flow Graph

                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06BB54E6
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2257810254.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6bb0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: a3751ae02e64512418be94238a7ef83a30995e466d3769a0fe5ca61446cb1eb0
                                          • Instruction ID: b797b902d9b44b069f4edbf9f44397048920563a73866db922ec5f6c145c86be
                                          • Opcode Fuzzy Hash: a3751ae02e64512418be94238a7ef83a30995e466d3769a0fe5ca61446cb1eb0
                                          • Instruction Fuzzy Hash: 7D915DB2D00219DFDB60CF68C8417EDBBB2FF48310F1495A9E909A7250DBB49985CF92

                                          Control-flow Graph

                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 00A4AFFE
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244793634.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_a40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: 082d4bc0ef9cbda7c1a5ea2e46ccc9aa5baa27124d9f579ce3653ce3377fb378
                                          • Instruction ID: a0e3f5cf42e7dbcf84c77149ff477b9706b2f420af8b8c67ce32b085f4b925b6
                                          • Opcode Fuzzy Hash: 082d4bc0ef9cbda7c1a5ea2e46ccc9aa5baa27124d9f579ce3653ce3377fb378
                                          • Instruction Fuzzy Hash: 5A814674A00B058FD764DF6AC44179ABBF1FF98300F008A2DE49AD7A50DB75E849CB92

                                          Control-flow Graph

                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 00A459C9
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244793634.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_a40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: 114d4ca27a951b1cdffc4322095ca9d61c02ca7dfb15115cc9ea268eee146693
                                          • Instruction ID: 499ab3f75ba83ab036a7104b7e452f10fb10db765b63f64d3628c55fed4814c5
                                          • Opcode Fuzzy Hash: 114d4ca27a951b1cdffc4322095ca9d61c02ca7dfb15115cc9ea268eee146693
                                          • Instruction Fuzzy Hash: 3541D0B0C00B19CBDB24CFAAC98478DBBB1BF89304F20856AD419AB252DB755946CF50

                                          Control-flow Graph

                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 00A459C9
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244793634.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_a40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: e3d4e89ab750a31321459931c00cddb6ed7785d1b735b02bc6bff7af9ee6404a
                                          • Instruction ID: b752f0b616a9459d793ecd9096a14f7144ad7181ef639528f82b80636617834c
                                          • Opcode Fuzzy Hash: e3d4e89ab750a31321459931c00cddb6ed7785d1b735b02bc6bff7af9ee6404a
                                          • Instruction Fuzzy Hash: 7441E470C00B1DCBDB24CFAAC98479DBBF5BF89704F60856AD408AB252DBB56945CF90

                                          Control-flow Graph

                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A4D717
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244793634.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_a40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: c0c3f588d005bd6da62f7ff943913bc723b1de9f46110daf02410b52fee2a3d7
                                          • Instruction ID: 919ef5a51e863372a89bb49a8c222335982efdeefe42f6a6e68e273bf403030b
                                          • Opcode Fuzzy Hash: c0c3f588d005bd6da62f7ff943913bc723b1de9f46110daf02410b52fee2a3d7
                                          • Instruction Fuzzy Hash: 74317434A813849FE714DF60E898B793BB1F788710F508529E9518B3EACEB44896CF10

                                          Control-flow Graph

                                          APIs
                                          • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,067F518D,?,?), ref: 067F523F
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2256929074.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_67f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: DrawText
                                          • String ID:
                                          • API String ID: 2175133113-0
                                          • Opcode ID: 09070b085513afb00f9fbbc46f653db843cf6c21473a74a3b92155116a305ff7
                                          • Instruction ID: 961ac66f63dd6ecf7909da8693f104cb62126e57b9791f8e7696fecfadfdabe0
                                          • Opcode Fuzzy Hash: 09070b085513afb00f9fbbc46f653db843cf6c21473a74a3b92155116a305ff7
                                          • Instruction Fuzzy Hash: 9331E4B5D002099FDB10CF99D880AEEBBF5FF58320F14842AE519A7310D775A545CFA0

                                          Control-flow Graph

                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06BB4C80
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2257810254.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6bb0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: 529119e747e53a4a914c34eb777b506080e1b17dd7a23055d9a187c175179a3c
                                          • Instruction ID: 316c2055b83c023a0f49cc94ac38082104993c31ecdfb64f45e8983163a05e65
                                          • Opcode Fuzzy Hash: 529119e747e53a4a914c34eb777b506080e1b17dd7a23055d9a187c175179a3c
                                          • Instruction Fuzzy Hash: F82148B19003099FDB10CFA9C881BEEBBF5FF48310F108429E919A7240C7789954CBA1

                                          Control-flow Graph

                                          APIs
                                          • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,067F518D,?,?), ref: 067F523F
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2256929074.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_67f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: DrawText
                                          • String ID:
                                          • API String ID: 2175133113-0
                                          • Opcode ID: 28cbb0032b267ddcf4f00ef57e14b21afa0360fae7610a410750d179ab9c9776
                                          • Instruction ID: f0e9a883dc30a0d3ee277a829f764aa4fa08da126ef740a1841e308f8661d9fe
                                          • Opcode Fuzzy Hash: 28cbb0032b267ddcf4f00ef57e14b21afa0360fae7610a410750d179ab9c9776
                                          • Instruction Fuzzy Hash: 2C31E4B5D002499FDB50CF9AD884AAEBBF5FF58320F14842AE919A7310D775A950CFA0

                                          Control-flow Graph

                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06BB4C80
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2257810254.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6bb0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: 52e583f7fb105a4c9d477a298838cd4ff0fddbd8c1280e443121e0f7408a9fda
                                          • Instruction ID: 814e1ff113038137c1a2495efc8a38320221cbd6ca8efbda0c4472896bc5cf4e
                                          • Opcode Fuzzy Hash: 52e583f7fb105a4c9d477a298838cd4ff0fddbd8c1280e443121e0f7408a9fda
                                          • Instruction Fuzzy Hash: E4212AB19003499FDF10CFA9C885BEEBBF5FF48310F108429E519A7241C7789554CBA5

                                          Control-flow Graph

                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06BB4AD6
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2257810254.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6bb0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: bb701749c04b3f0cc73a6e7dbea1ce8b05f5d9c9c9f79685bdad49f9792d86b5
                                          • Instruction ID: 2c71327f882a91909c1eb98f342daef2a9fadebaa16cb72ef80c94055ac12d94
                                          • Opcode Fuzzy Hash: bb701749c04b3f0cc73a6e7dbea1ce8b05f5d9c9c9f79685bdad49f9792d86b5
                                          • Instruction Fuzzy Hash: 042139B1D003099FDB10DFAAC4857EEBBF4EF88324F148429D559A7241CBB8A944CFA5

                                          Control-flow Graph

                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A4D717
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244793634.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_a40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 41e0336013f3c3cb2865030490556fa0d485db10dc6a81a2eb9f2def6c68227a
                                          • Instruction ID: 11da8896693fdfc550072b84bd2e955b9452fdf5ce126c5fc7dca1697c678cf3
                                          • Opcode Fuzzy Hash: 41e0336013f3c3cb2865030490556fa0d485db10dc6a81a2eb9f2def6c68227a
                                          • Instruction Fuzzy Hash: 582103B59002499FDB10CFAAD884AEEBFF5FB48324F14841AE958A3350C374A955CF60

                                          Control-flow Graph

                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06BB4AD6
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2257810254.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6bb0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06BB4D60
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2257810254.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6bb0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID:
                                          • API String ID: 1726664587-0
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A4D717
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244793634.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_a40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06BB4B9E
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2257810254.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6bb0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A4B079,00000800,00000000,00000000), ref: 00A4B28A
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244793634.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_a40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A4B079,00000800,00000000,00000000), ref: 00A4B28A
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244793634.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_a40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06BB4B9E
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2257810254.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6bb0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          APIs
                                          • ResumeThread.KERNELBASE(A6FC6C06), ref: 06BB45D2
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2257810254.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6bb0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          APIs
                                          • ResumeThread.KERNELBASE(A6FC6C06), ref: 06BB45D2
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2257810254.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6bb0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 067F8058
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2256929074.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_67f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 06BB78F5
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2257810254.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6bb0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 067F8058
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2256929074.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_67f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 00A4AFFE
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244793634.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_a40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 06BB78F5
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2257810254.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6bb0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7d4b87e986d7814b6e507e9ad7b3c13a08ca5e54577add6216caf4ab1b0be8cb
                                          • Instruction ID: af73967d14e87b7f5a6d6a3c47b21789892ce020550e4c7d111e1c13146e6079
                                          • Opcode Fuzzy Hash: 7d4b87e986d7814b6e507e9ad7b3c13a08ca5e54577add6216caf4ab1b0be8cb
                                          • Instruction Fuzzy Hash: 864117F1E09295CFC760AB69D40066ABFB5AF83309F1C81ABD155CF24BCA75C942C752
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c17e6ed42af85ece3f121419aa63054351e6f352ff8845f65ac4526a119c1b95
                                          • Instruction ID: 4876cd97490c5c82fbca77aff2dd459621985d9c8606643eb95bfd5352c232af
                                          • Opcode Fuzzy Hash: c17e6ed42af85ece3f121419aa63054351e6f352ff8845f65ac4526a119c1b95
                                          • Instruction Fuzzy Hash: CF41D77441DBC08FD323AB3998546417FF0AF8720270A99CBD5D5CBBA3C665991AC722
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 684554c7147d32e5904c86189a53599bc72a05dfb9556a8f68eaae37477a650c
                                          • Instruction ID: 9606885d760651b3426b4d17b45040b9a20753cba07e1af49c492e2e69d22f08
                                          • Opcode Fuzzy Hash: 684554c7147d32e5904c86189a53599bc72a05dfb9556a8f68eaae37477a650c
                                          • Instruction Fuzzy Hash: 5F4118B6E082098FDB48DFAAC4446AEBBF6FB8E301F18D129D419A7251D7309945CB54
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6a492a4acec2b2ae702be69c9a629be69867af7a88c6ff7e4e1b96225f836cbf
                                          • Instruction ID: c9a2881033fae4d49cbaa68a28076512df694e686c3b17d240314c715e2d34a9
                                          • Opcode Fuzzy Hash: 6a492a4acec2b2ae702be69c9a629be69867af7a88c6ff7e4e1b96225f836cbf
                                          • Instruction Fuzzy Hash: F841B2B1E01149CBDBA4FBB4C4547ADBAB2EB88314F985439D602AB340DF344885CBA1
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5ed0bcea3b77d8c9853fa7d36255b1c5b1c8e27c46a991310766bd733b55278e
                                          • Instruction ID: 143bb982ebbba29a301eac3f426233b49641f216a34d16bf91487b6a8c98ac70
                                          • Opcode Fuzzy Hash: 5ed0bcea3b77d8c9853fa7d36255b1c5b1c8e27c46a991310766bd733b55278e
                                          • Instruction Fuzzy Hash: C94126B1A04248CFDB45EB78D4507AE7BB1FB46324F084557D452AB282CB74F880CBAA
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 454b0eedf32468e76748897d3f464017634e6fd9b236a05731ecd899bf4de19f
                                          • Instruction ID: e77258bf74e75a352146c7293e46318a2da2d8294cca0611722de4061f2c094e
                                          • Opcode Fuzzy Hash: 454b0eedf32468e76748897d3f464017634e6fd9b236a05731ecd899bf4de19f
                                          • Instruction Fuzzy Hash: 113190357146408FC746DB38D85489D7BF2EF8A71070941EAE511CB3B2DB759D0ACB91
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72610af3fd37eeb2c383db80dfa4d1ccda58baa09b71b498aeda5616ee361b25
                                          • Instruction ID: a51f2acb22cb644a7b3ea1759c5bd233ed5eb0cdea3b01f0fa8540b3e351a009
                                          • Opcode Fuzzy Hash: 72610af3fd37eeb2c383db80dfa4d1ccda58baa09b71b498aeda5616ee361b25
                                          • Instruction Fuzzy Hash: 3B3137B1924255CFDB50DF59C8817AEBFB0EF82344F484066E055DB282C3B9D942CB91
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 65368a817e4fb080accb70b7f22f4e125f0bf2060013e058a20dccb71bd0fd06
                                          • Instruction ID: 9f7dc275dbd2dfffe639d41e9b5f097a49c02cacf32953ce03de8d9998128c3c
                                          • Opcode Fuzzy Hash: 65368a817e4fb080accb70b7f22f4e125f0bf2060013e058a20dccb71bd0fd06
                                          • Instruction Fuzzy Hash: 673104B1A24116DFDB50EF5DC84176EBBB0EB82344F98806AE055DB291C3B9E942C791
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1037d2a51dd59da8a1ba4a62db4822bab705a10d8eb3c34fee2bf607e32b7f99
                                          • Instruction ID: ca8b28d0fe8d092a5d8818a65c9ef9395d79d7c2c7da38d44021ba040b2afbf0
                                          • Opcode Fuzzy Hash: 1037d2a51dd59da8a1ba4a62db4822bab705a10d8eb3c34fee2bf607e32b7f99
                                          • Instruction Fuzzy Hash: 7F3130F1E18669CBCB919B65CD0177AB7B1EF82321F0C82A7E461C62D3D638C441C762
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 958c585b951abbb118fe2033d5b2caac1478b6f44e0cee5774662f5f8f16f069
                                          • Instruction ID: 4669779311edba2e26a0e20de0795c9d652bf22c68a414272c500d61d172dc2f
                                          • Opcode Fuzzy Hash: 958c585b951abbb118fe2033d5b2caac1478b6f44e0cee5774662f5f8f16f069
                                          • Instruction Fuzzy Hash: 1A213AB1B04648DFD3646B66985572ABFA6BF87710F58807AE1078F296CE60CC028751
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244429271.00000000008DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008DD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_8dd000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6afb65f126bc19f90d2a9c4c38150f21da34a8e5a27e24f5616f8b1696832289
                                          • Instruction ID: e6d1b868d225deb612ce573484dd886d9df935428a7fd1417335965338eba8b3
                                          • Opcode Fuzzy Hash: 6afb65f126bc19f90d2a9c4c38150f21da34a8e5a27e24f5616f8b1696832289
                                          • Instruction Fuzzy Hash: B321B072504344EFDB059F54D9C0B2ABB65FB88314F24866AED098B356C376E816CAA1
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244429271.00000000008DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008DD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_8dd000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fa58aca9ab0f345a2ce2a0f830c1cba9a4ddf3421a1662ff965ad9cec640d6b3
                                          • Instruction ID: 1f8808f790f84327f90c4b57c0ba7bf6c6f6456fc52f406b9c66fd476595f0e5
                                          • Opcode Fuzzy Hash: fa58aca9ab0f345a2ce2a0f830c1cba9a4ddf3421a1662ff965ad9cec640d6b3
                                          • Instruction Fuzzy Hash: 5821C472504344EFDB15DF14E9C0B26BF75FB84318F24C66AD9094A356C336D856CAA1
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 03f5b36b374265c8d01c6b01a946ab0de173c1a63b270794aa45837fc68be020
                                          • Instruction ID: 2301cf5918f2396116b64bddcfed4a422cc2024da75c8920f804ad06f4a2fc3a
                                          • Opcode Fuzzy Hash: 03f5b36b374265c8d01c6b01a946ab0de173c1a63b270794aa45837fc68be020
                                          • Instruction Fuzzy Hash: F321F131910209AFDB05AFA4D8809DDBBB2FF99300F15856AE002BB220DB71A846CB90
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 15807cb701162a4d49488d613f5fabf479dfcef0d141cdde650da5832d7f67f7
                                          • Instruction ID: faddf3a08eb2ff66effe423455231fb2ee4fb535654185e7199915c88f6ce465
                                          • Opcode Fuzzy Hash: 15807cb701162a4d49488d613f5fabf479dfcef0d141cdde650da5832d7f67f7
                                          • Instruction Fuzzy Hash: 2C210BB13187809FE761BB68EC55B677FB8EB82710F180567F1428A681C678DE01CB71
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244486138.00000000008ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 008ED000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_8ed000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 94bbff2277879122c323f2e2069421b2d3b566b979021d37f2058fa47864bf01
                                          • Instruction ID: 9036f8f1048877f5b8d63567fde320fc4e7cf0e0bf9f23d0f8b2ec630b817e29
                                          • Opcode Fuzzy Hash: 94bbff2277879122c323f2e2069421b2d3b566b979021d37f2058fa47864bf01
                                          • Instruction Fuzzy Hash: EC213475604784EFCB14DF15D9C0B26BB61FB85318F28C56DD90A8B292C37BD80BCA61
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244486138.00000000008ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 008ED000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_8ed000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dbfe4b1ebc6f49c06abe04b7de942702c57d93b98763b7e6f6e6bd5320fe6e5a
                                          • Instruction ID: 889c85030dd5f2c7572fcc8063b5321efa200b7870c461fe2c6881fc5758b09d
                                          • Opcode Fuzzy Hash: dbfe4b1ebc6f49c06abe04b7de942702c57d93b98763b7e6f6e6bd5320fe6e5a
                                          • Instruction Fuzzy Hash: 54214675504384EFDB04DF11D9C0B26BBA1FB85318F20C56DEA098B292C37AE80ACA61
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f32b134757896133690b319765583dbadd7565eeebfe66c99afd42b9d3147a52
                                          • Instruction ID: 8ff0179c4e83836945a89cfdb6d9a027b6bff7ba2f144a68397a8ce0350e0a1e
                                          • Opcode Fuzzy Hash: f32b134757896133690b319765583dbadd7565eeebfe66c99afd42b9d3147a52
                                          • Instruction Fuzzy Hash: CD2192F1E18256CECBA0D76D846027EF7F1EF41A15F1D8566D1A6C72A1D239D441CB20
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c26df82151a1780877baf85a7d5de11576c52b1e5d65fb2b86aeb760fa54bd9
                                          • Instruction ID: b689b9c1a057d1b5830b59e5cf11d41f36b0bab631ad2051cc2bcfd09718e23b
                                          • Opcode Fuzzy Hash: 1c26df82151a1780877baf85a7d5de11576c52b1e5d65fb2b86aeb760fa54bd9
                                          • Instruction Fuzzy Hash: 521156F0B45608DFD3606B159885B697B66FF87710F48816AF2068F296CF30C8428795
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f2d1ede3bec8b4adf43520262e3aa16c6f94fb9a3cdb74c8f285a56cf68cdff0
                                          • Instruction ID: c7e6b50fdb6e0b1ef2966224e11a8fbbce6a0d1067ac23ea2f67c31bf787b96b
                                          • Opcode Fuzzy Hash: f2d1ede3bec8b4adf43520262e3aa16c6f94fb9a3cdb74c8f285a56cf68cdff0
                                          • Instruction Fuzzy Hash: 90113B31A04190DFD7505B68A8057B93FE1BF87B05F18C0BAE505CF396C6BA8D42C791
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2244486138.00000000008ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 008ED000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_8ed000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 53516a3a7b376e3d819c7c5d2fc571736511908c3a262f57b7aa1c133ee001a9
                                          • Instruction ID: 4463e66e75affcd41192b4ad7005490044700ae55e09e0b645d4a5e2f32ae45b
                                          • Opcode Fuzzy Hash: 53516a3a7b376e3d819c7c5d2fc571736511908c3a262f57b7aa1c133ee001a9
                                          • Instruction Fuzzy Hash: 77214F755087C49FCB02CF14D994715BF71FB46314F28C5EAD8498B2A7C33A985ACB62
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 081049d8653c3cc47e0f8f7482ecc5bf387760a07dfa5d26b16ba1d78e5a8102
                                          • Instruction ID: f688cd353a70494bc1f277619d670db860eac08c7b92788c38392e3647cce0d9
                                          • Opcode Fuzzy Hash: 081049d8653c3cc47e0f8f7482ecc5bf387760a07dfa5d26b16ba1d78e5a8102
                                          • Instruction Fuzzy Hash: 7D11E3B1A002069B8B90FF7D8C449BFB6F6EFC52607688929D529A7340EF70D9058761
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8eb1ab3b8fedb0b59cb27a978eb46dd9c39da888055276ca2264f09c5b8ac564
                                          • Instruction ID: d2069663fdddd85a0304fd4dcd740f510289254cb4f458318d7c3a1ac5ba446a
                                          • Opcode Fuzzy Hash: 8eb1ab3b8fedb0b59cb27a978eb46dd9c39da888055276ca2264f09c5b8ac564
                                          • Instruction Fuzzy Hash: F311E3B1A006465F8B51EF7C9C409BFBBB6EFC52607194929D968E7340EB709E058361
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b4f0deed177005d947c20149890dc99060b0df7ff51b5bb936e8704b77c46901
                                          • Instruction ID: eed458c02683192fd9a8d0bea6b8bf196b03d9226b8c25012f078409049e6fcb
                                          • Opcode Fuzzy Hash: b4f0deed177005d947c20149890dc99060b0df7ff51b5bb936e8704b77c46901
                                          • Instruction Fuzzy Hash: 1B1194F1A18696CEDBA0D76D84602BDF7F1AF42A25F1D8566E1B6D72F1C239D400C720
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3d102658dd90859fb98e504c49bc1712a214d7041931f42a9cdc5b3e4642caee
                                          • Instruction ID: 00054ec5f884b9db365127262fda7097e4e1545d659fcca2cfad4a4b2868f124
                                          • Opcode Fuzzy Hash: 3d102658dd90859fb98e504c49bc1712a214d7041931f42a9cdc5b3e4642caee
                                          • Instruction Fuzzy Hash: 86113831A04194EFD790A769A80577D3FD5BF82705F18C0BAE505CB395CAB68C82C780
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2258009940.0000000007F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_7f80000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e55929e23067b2cbffada2f9411b3d9a21a7a7f00f055f9306f90cdd6b4f9978

                                          Execution Graph

                                          Execution Coverage:11.1%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:103
                                          Total number of Limit Nodes:12

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $
                                          • API String ID: 0-3993045852
                                          • Opcode ID: 4451534f683b3379469146c6ea8edd5a07f345bef200512184d0335297a57c40
                                          • Instruction ID: 356b58e14d237f457faffb156a00029f8b8ebb79d297affc2d77f91e3d69d7dc
                                          • Opcode Fuzzy Hash: 4451534f683b3379469146c6ea8edd5a07f345bef200512184d0335297a57c40
                                          • Instruction Fuzzy Hash: 3722B1B5E102199FEB60DBA4D4846AEBBB2FFC5310F24846AD446AB355EB31DC41CF90

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 064F390E
                                          • GetCurrentThread.KERNEL32 ref: 064F394B
                                          • GetCurrentProcess.KERNEL32 ref: 064F3988
                                          • GetCurrentThreadId.KERNEL32 ref: 064F39E1
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346172847.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_64f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: b897070a9a2ee207cca2f66de71d775e6e4cc8c2ef7f41cf295906f00373accb
                                          • Instruction ID: a6d667bf0ba44fcec66e4f2581081e27259a37a524c8f905c66b609cf565e8e2
                                          • Opcode Fuzzy Hash: b897070a9a2ee207cca2f66de71d775e6e4cc8c2ef7f41cf295906f00373accb
                                          • Instruction Fuzzy Hash: 6F5156B090134ACFEB54CFAAD948B9EBBF1FF88314F208019E109A7351DB759944CBA5

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 064F390E
                                          • GetCurrentThread.KERNEL32 ref: 064F394B
                                          • GetCurrentProcess.KERNEL32 ref: 064F3988
                                          • GetCurrentThreadId.KERNEL32 ref: 064F39E1
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346172847.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_64f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: faecd6f1c95830aeb6d04dee09c0b638505f23a93c6d4e629455d5dffe84632e
                                          • Instruction ID: e56312aec993adb989ec72501f6b595f7164a6f07e3695d6803ba2b5ca3ac920
                                          • Opcode Fuzzy Hash: faecd6f1c95830aeb6d04dee09c0b638505f23a93c6d4e629455d5dffe84632e
                                          • Instruction Fuzzy Hash: D35146B0901349CFEB55CFAAD948B9EBBF1FF88314F208019E109A7351DB759944CB65

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 0M$0M
                                          • API String ID: 0-2734901036
                                          • Opcode ID: df2405e0348db7e4da40df5860eb4741fe0d9cb2cb0da18eb15194f53256e2c4
                                          • Instruction ID: c141f44fdc2a8a55504b68917f0d1c23ed283c7a3e05a8950899fffe5b91c1b2
                                          • Opcode Fuzzy Hash: df2405e0348db7e4da40df5860eb4741fe0d9cb2cb0da18eb15194f53256e2c4
                                          • Instruction Fuzzy Hash: CA624D30A0020ACFDB55EB68D590A5EB7F2FF85304F209A69D015AF359DB79ED46CB80

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 064FC01E
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346172847.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_64f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: 0bd586b81099d7472394ba413316e91ca191ecba6f7b841ba628838d308b9378
                                          • Instruction ID: d2156adf8e08a50eb298838cdb9339b3415500d9a6e51a7efffb0e79a3e3a174
                                          • Opcode Fuzzy Hash: 0bd586b81099d7472394ba413316e91ca191ecba6f7b841ba628838d308b9378
                                          • Instruction Fuzzy Hash: AA815270A10B058FD7A5DF6AC44075BBBF1FF89200F00892EE68ADBA50DB75E845CB91

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 547 64fdfa4-64fe016 549 64fe018-64fe01e 547->549 550 64fe021-64fe028 547->550 549->550 551 64fe02a-64fe030 550->551 552 64fe033-64fe06b 550->552 551->552 553 64fe073-64fe0d2 CreateWindowExW 552->553 554 64fe0db-64fe113 553->554 555 64fe0d4-64fe0da 553->555 559 64fe115-64fe118 554->559 560 64fe120 554->560 555->554 559->560 561 64fe121 560->561 561->561
                                          APIs
                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 064FE0C2
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346172847.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_64f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID:
                                          • API String ID: 716092398-0
                                          • Opcode ID: 13eceef737991abea1ec48ae610dee30b1e476854efcb4039c435f8c8ec4916e
                                          • Instruction ID: b73870bad82f70aa880e459d0bef7edd81546ab4d371ada396698ce2a7b4e41b
                                          • Opcode Fuzzy Hash: 13eceef737991abea1ec48ae610dee30b1e476854efcb4039c435f8c8ec4916e
                                          • Instruction Fuzzy Hash: 5151C2B1D10359EFDB14CF9AC884ADEBFB5BF48310F24812AE919AB210D7B59845CF90

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 562 64fdfb0-64fe016 563 64fe018-64fe01e 562->563 564 64fe021-64fe028 562->564 563->564 565 64fe02a-64fe030 564->565 566 64fe033-64fe0d2 CreateWindowExW 564->566 565->566 568 64fe0db-64fe113 566->568 569 64fe0d4-64fe0da 566->569 573 64fe115-64fe118 568->573 574 64fe120 568->574 569->568 573->574 575 64fe121 574->575 575->575
                                          APIs
                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 064FE0C2
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346172847.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_64f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID:
                                          • API String ID: 716092398-0
                                          • Opcode ID: 1b649eac239eb065163500f508d4f3bde1bcc72c8883b458726c5ca9a09292b0
                                          • Instruction ID: 704a69d6f7a111438f7446801055025272a6ac9f59b577aa49baa75211afe491
                                          • Opcode Fuzzy Hash: 1b649eac239eb065163500f508d4f3bde1bcc72c8883b458726c5ca9a09292b0
                                          • Instruction Fuzzy Hash: 1641A2B1D10359EFDB14CF9AC984ADEBFB5BF48310F24812AE919AB210D7B59845CF90

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 576 10470d8-10470dc 577 10470de-1047164 CheckRemoteDebuggerPresent 576->577 578 10470cf-10470d7 576->578 580 1047166-104716c 577->580 581 104716d-10471a8 577->581 578->576 580->581
                                          APIs
                                          • CheckRemoteDebuggerPresent.KERNELBASE(00000000,?), ref: 01047157
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3327211826.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_1040000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: CheckDebuggerPresentRemote
                                          • String ID:
                                          • API String ID: 3662101638-0
                                          • Opcode ID: 8739dd7792662b0e146510b639a5570698e4b7aeb0e92073b2e5b2dec36e5db4
                                          • Instruction ID: ffdab51841ac51960cbb2653238ad8b3ce2072c08e1097804d422d8f12befeea
                                          • Opcode Fuzzy Hash: 8739dd7792662b0e146510b639a5570698e4b7aeb0e92073b2e5b2dec36e5db4
                                          • Instruction Fuzzy Hash: 04318DB18053998FCB11CFA9C8807EEBFF1AF49210F19405AE494E7251C3789945CF61

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 584 104f4fc-104f519 587 104f51f-104f5ac GlobalMemoryStatusEx 584->587 588 104f51b-104f51e 584->588 591 104f5b5-104f5dd 587->591 592 104f5ae-104f5b4 587->592 592->591
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE ref: 0104F59F
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3327211826.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_1040000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: GlobalMemoryStatus
                                          • String ID:
                                          • API String ID: 1890195054-0
                                          • Opcode ID: 715b68499ead0c0f35b2ce3ae76da2cfbc1c090d0d8ca93981af9b5596a599f4
                                          • Instruction ID: 51261df421a40dd1e0a0120eca16008952b3aa66e766406bf0a0b60e0b397972
                                          • Opcode Fuzzy Hash: 715b68499ead0c0f35b2ce3ae76da2cfbc1c090d0d8ca93981af9b5596a599f4
                                          • Instruction Fuzzy Hash: 302169B1C0425A9FDB14DFA9D44479EBBF4EF48320F10856AEA58A7240D7789941CBE1

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 595 10463e8-1047164 CheckRemoteDebuggerPresent 598 1047166-104716c 595->598 599 104716d-10471a8 595->599 598->599
                                          APIs
                                          • CheckRemoteDebuggerPresent.KERNELBASE(00000000,?), ref: 01047157
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3327211826.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_1040000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: CheckDebuggerPresentRemote
                                          • String ID:
                                          • API String ID: 3662101638-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 602 64f3ad0-64f3ad7 603 64f3ad8-64f3b6c DuplicateHandle 602->603 604 64f3b6e-64f3b74 603->604 605 64f3b75-64f3b92 603->605 604->605
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 064F3B5F
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346172847.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_64f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 608 64f3ad8-64f3b6c DuplicateHandle 609 64f3b6e-64f3b74 608->609 610 64f3b75-64f3b92 608->610 609->610
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 064F3B5F
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346172847.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_64f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 613 64fc21a-64fc260 615 64fc268-64fc297 LoadLibraryExW 613->615 616 64fc262-64fc265 613->616 617 64fc299-64fc29f 615->617 618 64fc2a0-64fc2bd 615->618 616->615 617->618
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,064FC099,00000800,00000000,00000000), ref: 064FC28A
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346172847.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_64f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 621 64fadb0-64fc260 623 64fc268-64fc297 LoadLibraryExW 621->623 624 64fc262-64fc265 621->624 625 64fc299-64fc29f 623->625 626 64fc2a0-64fc2bd 623->626 624->623 625->626
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,064FC099,00000800,00000000,00000000), ref: 064FC28A
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346172847.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_64f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 629 104f538-104f5ac GlobalMemoryStatusEx 631 104f5b5-104f5dd 629->631 632 104f5ae-104f5b4 629->632 632->631
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE ref: 0104F59F
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3327211826.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_1040000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: GlobalMemoryStatus
                                          • String ID:
                                          • API String ID: 1890195054-0
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 064FC01E
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346172847.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_64f0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Instruction Fuzzy Hash: FC318730A1471A9BDB15DF65D8906DEBBB6FF85304F108629E505AF304DB74A9468B80
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ed8e7352c5b4f6b5145cb299e98d7ccceded6757bf5836202417155b048c2710
                                          • Instruction ID: 446aae2afeba2aa6198be4dbf86d0c4a9fd087f8e6a97a882874e298abf92e7a
                                          • Opcode Fuzzy Hash: ed8e7352c5b4f6b5145cb299e98d7ccceded6757bf5836202417155b048c2710
                                          • Instruction Fuzzy Hash: 17316130E006059FDB55DFA4D85469EB7F6FF89310F108519E906EB350DB71AD82CB90
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5907ea8921cb35181e21ae348e4ffc24ad5680bf18e4d157b0bed7df613cb4bb
                                          • Instruction ID: 03f6559532d15728e856a2d557d77c66923980caae640a50f43145ad4452dd91
                                          • Opcode Fuzzy Hash: 5907ea8921cb35181e21ae348e4ffc24ad5680bf18e4d157b0bed7df613cb4bb
                                          • Instruction Fuzzy Hash: 84316030E002099FDB59DFA4D89469EB7F2FF89300F108529E916EB350EB71AD81CB90
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5722f7be77fc400bbda337b15f862e632977ff94e4523dc5a93c62c9191c305c
                                          • Instruction ID: cf13b8b7e42fcd73e1052b73e3ad63270730e71f83f5fa4f10f9c03ac3fa4c18
                                          • Opcode Fuzzy Hash: 5722f7be77fc400bbda337b15f862e632977ff94e4523dc5a93c62c9191c305c
                                          • Instruction Fuzzy Hash: 01315C75F012559FEB50DF79D890AAEBBF5FB88210F188069E905EB350EB35D8418B90
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e9c30e168999d3fcdc2fc5f35235e3560b9f53d672f44536700e0f5db2998f8c
                                          • Instruction ID: 9744a8607e0756e02b936834f1e243f694b0bfd3f4d95a4a778a9592348f8e7c
                                          • Opcode Fuzzy Hash: e9c30e168999d3fcdc2fc5f35235e3560b9f53d672f44536700e0f5db2998f8c
                                          • Instruction Fuzzy Hash: 26216D75F016159FEB50DF69D890AAEBBF5FB88710F148069E905EB350EB31D841CB90
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8071b21de197447c430cbc0ea4216bc9f2217ecc933ac88cc53d5859a4dca58f
                                          • Instruction ID: e5d93b676cb662949f380d51a29ed245df6226294eb35e9b8012dc15cca2a2bd
                                          • Opcode Fuzzy Hash: 8071b21de197447c430cbc0ea4216bc9f2217ecc933ac88cc53d5859a4dca58f
                                          • Instruction Fuzzy Hash: FD01F130B161144FEB27A638D810B6F7BDAFB86B00F108829E50ACB341DA21DD028BA0
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7c9fc219927a9dba81d7dadc9720fc8d2425dd039246366be5582571041b8bc7
                                          • Instruction ID: 15ef011e41ffe297b2e7c9542e2cce5c2905704161ce9e768d18b47856e56aea
                                          • Opcode Fuzzy Hash: 7c9fc219927a9dba81d7dadc9720fc8d2425dd039246366be5582571041b8bc7
                                          • Instruction Fuzzy Hash: F0116D35B101294FEB54A679D8246AE73EBFBC9611F00853AD50AEB344EE29DC068BD1
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68bfe70d573d92605af77185167763b33bf646734e4e344446dd76676a136331
                                          • Instruction ID: deb46ff552bd1748dc52e158d3619fbc120993007e9550e446646bc5a0f5145c
                                          • Opcode Fuzzy Hash: 68bfe70d573d92605af77185167763b33bf646734e4e344446dd76676a136331
                                          • Instruction Fuzzy Hash: D2012434B041111FEB62867C9852B6FBBDAEBC6710F18886EE50ACF341DD24DC424791
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0608735a85fcf7605b69e553ececbb92bdb9f586ddcd7b6e29f549728b02e020
                                          • Instruction ID: 3c3927261ba4439f36ce1ba16d1cd7e3629b6998259250dbfa27e6330547ea66
                                          • Opcode Fuzzy Hash: 0608735a85fcf7605b69e553ececbb92bdb9f586ddcd7b6e29f549728b02e020
                                          • Instruction Fuzzy Hash: 9721F4B5D01259AFDB00CF9AD884ADEFFB4FB48314F10812AE918B7200C375A954CFA5
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1dbdbaaece02cbc4dc67268c278dd750a3e83e99b10d8906c514b9d96bd481d0
                                          • Instruction ID: e437fdfacf00435756f8da0319250bd2c60aebb7ea98e1640ce545fa8dc39184
                                          • Opcode Fuzzy Hash: 1dbdbaaece02cbc4dc67268c278dd750a3e83e99b10d8906c514b9d96bd481d0
                                          • Instruction Fuzzy Hash: F701D435B002124FEB65957C986072BB7DBEBC6710F14883EF50ACB345DD25DD4247A1
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8c2e5f657b043338841d8393fcc14bb372f17b4a017aa90686c711a70ae21f24
                                          • Instruction ID: ef177ca327d6658daba6eb2395387beb2c6ae39571139d228cdb300e61d7301f
                                          • Opcode Fuzzy Hash: 8c2e5f657b043338841d8393fcc14bb372f17b4a017aa90686c711a70ae21f24
                                          • Instruction Fuzzy Hash: 5501B135B100254BEB98D668DC646EEB3ABEFC8200F048039C40BD7344EE259C038BD1
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1efcfaf15a8561b282a2a71b3e04d34eefccfe8c3ff39eb4c1be02b4e26c394f
                                          • Instruction ID: ef30b3b10c015a40414b6fee73ca97289a3085027b640e619ca8a1e1a5d025b5
                                          • Opcode Fuzzy Hash: 1efcfaf15a8561b282a2a71b3e04d34eefccfe8c3ff39eb4c1be02b4e26c394f
                                          • Instruction Fuzzy Hash: D511D3B1D012599FDB00CF9AD884ADEFBF4FB48324F10812AE518B7200C3756954CFA5
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7a232f6b8e1dd3b7e02f727b58d48e0d0166080e93ea9f057baef889444abe8f
                                          • Instruction ID: 4cd065c003da3dac19761b77b62560f43405fbcb88e312a943a4d342ff1989d4
                                          • Opcode Fuzzy Hash: 7a232f6b8e1dd3b7e02f727b58d48e0d0166080e93ea9f057baef889444abe8f
                                          • Instruction Fuzzy Hash: 2501D134B002124BEB64A56DD46472FB7DBEBC9710F20893EE20ACB340EE61DD024B90
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5cf9a64d974827fb5a3ad71741fb7d9665f28c01343496b76ec63b28096a10e0
                                          • Instruction ID: ddedba46e244d7f7dc3281544da96f5a366b801bacb80d2e751d9594b5617a00
                                          • Opcode Fuzzy Hash: 5cf9a64d974827fb5a3ad71741fb7d9665f28c01343496b76ec63b28096a10e0
                                          • Instruction Fuzzy Hash: 8801AF35B000164BEB65967D9856B2FB7DAEBC9720F14883DE60ACF340DE65DC024B81
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a28e045b9e5ec16ee0e7de4f5d722c58b1b1ed0193a7236b1dd57b34d9389810
                                          • Instruction ID: 1b67c0602b1ff4a81d127e2f3dc7556a20fca3d9bf5171ed5c9e17b96f2bfd8d
                                          • Opcode Fuzzy Hash: a28e045b9e5ec16ee0e7de4f5d722c58b1b1ed0193a7236b1dd57b34d9389810
                                          • Instruction Fuzzy Hash: 88013C35B111154FEB66AA7CD454B1EB3D6FBCAB14F20883CE10ACB344DA26DC028B80
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 35d679212ab39d230beae76ed34a7ff7116505e0b02afcd7d8be260c0edc8e4f
                                          • Instruction ID: 2c34bc17c3e916751d9a0bfcafdcdff3d173427309bcc031a3c6e0b149aa7573
                                          • Opcode Fuzzy Hash: 35d679212ab39d230beae76ed34a7ff7116505e0b02afcd7d8be260c0edc8e4f
                                          • Instruction Fuzzy Hash: 23F05839A00104CFFF759B54ED442ACB7B4FB44251F1C0462C812AB154C3359983CB80
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c1b4cd74136b08856ece0bbcdb70b9ad54091ec245ea1f2722cd57391356c9b5
                                          • Instruction ID: 154be9d3f85e55de451f136d751069fea08ddcc13773925619481627e9cce83f
                                          • Opcode Fuzzy Hash: c1b4cd74136b08856ece0bbcdb70b9ad54091ec245ea1f2722cd57391356c9b5
                                          • Instruction Fuzzy Hash: 7DE09276E1021C9BEF2095A8984458EBBA9E785720F00053AE919E7200D631AC058791
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7b2de084ae8f765ded4d62041872024144317d5e9c085254c1a8676269c1087b
                                          • Instruction ID: c0ebece058efcf28dcd1cd1cd0c482190f408597534bcd695eb8caf8e7b652a2
                                          • Opcode Fuzzy Hash: 7b2de084ae8f765ded4d62041872024144317d5e9c085254c1a8676269c1087b
                                          • Instruction Fuzzy Hash: D9E0D871E1924D6FEF60CEB0D99575A7B6EFB46208F1048A5E444CF102E1B5DD1087A1
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.3346557640.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_6510000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 550343da858868449c1b3e3163f8a3911b66a36cbf9ff947901d8cabf4c3a0f1
                                          • Instruction ID: 829f32af37d986bed4f8227dcc0529e11857e688f6cd5a60f7f26297b1a89533
                                          • Opcode Fuzzy Hash: 550343da858868449c1b3e3163f8a3911b66a36cbf9ff947901d8cabf4c3a0f1
                                          • Instruction Fuzzy Hash: 68F0FE30A10219DFDB64DF90E869BAD7BB2FF44701F204529E402A7294CB741C45CFC0

                                          Execution Graph

                                          Execution Coverage:10.6%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:330
                                          Total number of Limit Nodes:16

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 0123D0BE
                                          • GetCurrentThread.KERNEL32 ref: 0123D0FB
                                          • GetCurrentProcess.KERNEL32 ref: 0123D138
                                          • GetCurrentThreadId.KERNEL32 ref: 0123D191
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2306858579.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_1230000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: b19da5ae05b668247546dc569ca704c038884a024ccf8bf8575cfa2d3fd1e6a3
                                          • Instruction ID: d75cb652dcca1ab294a4821c03f91e7433494e01ec01453ef44409f09fb408f0
                                          • Opcode Fuzzy Hash: b19da5ae05b668247546dc569ca704c038884a024ccf8bf8575cfa2d3fd1e6a3
                                          • Instruction Fuzzy Hash: 775144B190034A8FEB54CFA9D548BDEBBF1EF88314F208459E509A7350DB78A985CB61

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 0123D0BE
                                          • GetCurrentThread.KERNEL32 ref: 0123D0FB
                                          • GetCurrentProcess.KERNEL32 ref: 0123D138
                                          • GetCurrentThreadId.KERNEL32 ref: 0123D191
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2306858579.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_1230000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: 8412d5fa55924332b4f0ab26945d5b17c4d9780df50e76cc949cd0bd7e512fbd
                                          • Instruction ID: 3a9437faf20a63abb6f16fe6edd2b1eb08626838f4c5a66b002d2dbacbd64c5e
                                          • Opcode Fuzzy Hash: 8412d5fa55924332b4f0ab26945d5b17c4d9780df50e76cc949cd0bd7e512fbd
                                          • Instruction Fuzzy Hash: CF5145B090034ACFEB54DFA9D548B9EBBF1FF88314F208459E509A7350DB78A984CB65

                                          Control-flow Graph

                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 070D54E6
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: a67b3e823dae67aef7e2d9ff174a50bb3cc1a24a438e866172aabc7e56d7aff1
                                          • Instruction ID: 6ea2ce1b096fe5dbd8ec06fbfab515adaf0aaf6f85ce753265a8cf8be0bb357f
                                          • Opcode Fuzzy Hash: a67b3e823dae67aef7e2d9ff174a50bb3cc1a24a438e866172aabc7e56d7aff1
                                          • Instruction Fuzzy Hash: E0A129B1D0031ADFEB15CF68CC417ADBBB2BF48314F1486A9E819A7240DBB49995CF91

                                          Control-flow Graph

                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 070D54E6
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 91028795d6ed93d3dddaab55a8654d2df48653559a3c599d7d6963f3c847d12f
                                          • Instruction ID: d07a1049ebcebd48c363bfb6f5f67dacdae26bf874a3b8abcc31607a3f058f83
                                          • Opcode Fuzzy Hash: 91028795d6ed93d3dddaab55a8654d2df48653559a3c599d7d6963f3c847d12f
                                          • Instruction Fuzzy Hash: A99129B1D0031ADFEB15CF68CC417ADBBB2BB48314F1486A9E819A7240DBB49995CF91

                                          Control-flow Graph

                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0123AFFE
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2306858579.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_1230000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: 765d24c4c81c90f06a53be46436a550216737d5473c6b004c93423fa1b381375
                                          • Instruction ID: 97942ad4375bfe8a49460543958a0672c01765727fafeb157d91e120ab3e6094
                                          • Opcode Fuzzy Hash: 765d24c4c81c90f06a53be46436a550216737d5473c6b004c93423fa1b381375
                                          • Instruction Fuzzy Hash: 1D8148B0A10B068FD724DF29C44579ABBF1FF88704F008A2DD586D7A51DB75E849CBA0

                                          Control-flow Graph

                                          APIs
                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 050A1A02
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2324535948.00000000050A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_50a0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID:
                                          • API String ID: 716092398-0
                                          • Opcode ID: 28c2c76b96eb1cf7b72584124fd8145a989afa01636b613cccfaf3f377feef45
                                          • Instruction ID: 9fcf997c0c96e54cefe70ecfdbc21faca93ea434d4b3ecd63ebdfd12453c97b4
                                          • Opcode Fuzzy Hash: 28c2c76b96eb1cf7b72584124fd8145a989afa01636b613cccfaf3f377feef45
                                          • Instruction Fuzzy Hash: 3D51D2B1D103499FDF14CFA9D884ADEBBB1BF48310F24812AE819AB210D7759985CF90

                                          Control-flow Graph

                                          APIs
                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 050A1A02
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2324535948.00000000050A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_50a0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID:
                                          • API String ID: 716092398-0
                                          • Opcode ID: 7fc3e165f0bcef0ddf9151baa1536dd4135ee6a568f16d6b3af515378ec57c83
                                          • Instruction ID: 6266e4a6ed27c0382fe4b6956edb7989072d579770a904a6653b5f50d7f1ee8c
                                          • Opcode Fuzzy Hash: 7fc3e165f0bcef0ddf9151baa1536dd4135ee6a568f16d6b3af515378ec57c83
                                          • Instruction Fuzzy Hash: 9241C0B1D10349AFDF14CF99D884ADEBBB5BF88310F24812AE819AB210D7709985CF90

                                          Control-flow Graph

                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 012359C9
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2306858579.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_1230000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: 9c1e21511f16f1eb1b881ad6ddd646f0561c12ae9c9e7bcd7208d882c9fb7823
                                          • Instruction ID: fba201b8c793fd6dd3b8ba3c828dd411d32e561fd0cfc85653b7862402980518
                                          • Opcode Fuzzy Hash: 9c1e21511f16f1eb1b881ad6ddd646f0561c12ae9c9e7bcd7208d882c9fb7823
                                          • Instruction Fuzzy Hash: 2B41D5B1C0071DCBEB15CFA9C9847CEBBB5BF88714F20805AD508AB251DBB56946CF90

                                          Control-flow Graph

                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 012359C9
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2306858579.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_1230000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: f32238baec2db28a3298ef848f904678468f5b0e41b59662ea129e0f4150b2d6
                                          • Instruction ID: f795a3647f544c13e358c12dd79ac27d26accf47fae40df87973884805172ab3
                                          • Opcode Fuzzy Hash: f32238baec2db28a3298ef848f904678468f5b0e41b59662ea129e0f4150b2d6
                                          • Instruction Fuzzy Hash: C94104B0C1071DCBEB24CFA9C944B8EBBF5BF89714F60805AD508AB251DBB56945CF90

                                          Control-flow Graph

                                          APIs
                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 050A4101
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2324535948.00000000050A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_50a0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: CallProcWindow
                                          • String ID:
                                          • API String ID: 2714655100-0
                                          • Opcode ID: d646367bb1050dfedfca4eeb597d84196532b014a7554f8c08cc6f9109aa97fa
                                          • Instruction ID: d3160995f57d2bb37893ef43b0c489fb11337c12a53a9826a9f97d0aafca0e86
                                          • Opcode Fuzzy Hash: d646367bb1050dfedfca4eeb597d84196532b014a7554f8c08cc6f9109aa97fa
                                          • Instruction Fuzzy Hash: CF410BB9900305DFDB14CF99D448AAEBBF5FF88314F248459D519AB321D775A841CFA0

                                          Control-flow Graph

                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0123D717
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2306858579.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_1230000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 4ac0893a0c71588fce0be4d60d9a048d30308f786986aae5764dcb9589be2c75
                                          • Instruction ID: e983d026ac31778b90a7396208b5623d088eae8dcdfe96c50a491f038255a5ab
                                          • Opcode Fuzzy Hash: 4ac0893a0c71588fce0be4d60d9a048d30308f786986aae5764dcb9589be2c75
                                          • Instruction Fuzzy Hash: F2318D34E843849FE300DF61E84577ABBB5E788310F10897AE9159B3C8CEB4986BCB50

                                          Control-flow Graph

                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 070D4C80
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: 44c5e97b5fcca92ffe738328d186c11653c1909bfcdef190e69fc144923662b6
                                          • Instruction ID: f18055dcc6d9a47bc8038b9cd2618ed3772395d18526c6119b67018d04eb5770
                                          • Opcode Fuzzy Hash: 44c5e97b5fcca92ffe738328d186c11653c1909bfcdef190e69fc144923662b6
                                          • Instruction Fuzzy Hash: 0D2127B59003599FDF50CFA9C885BDEBBF5FF48320F10842AE918A7240D778A950CBA5

                                          Control-flow Graph

                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 070D4C80
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: 2b298f7fb1ebd8ed191806309ae8c3b983e33efa1bec1fbdb89cd07ca586951f
                                          • Instruction ID: 2a29e4d230ce4dd3d33afc0011e2e4eadbf2724cf5fed3635f940c602ad41c70
                                          • Opcode Fuzzy Hash: 2b298f7fb1ebd8ed191806309ae8c3b983e33efa1bec1fbdb89cd07ca586951f
                                          • Instruction Fuzzy Hash: 3F2127B59003599FDF50CFA9C885BDEBBF5FF48320F108429E918A7240D7789950CBA4
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 070D4AD6
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: afccfb56515cc612b2afb54aa66a89a5022d07779a7d5a6138ed6227c791a90f
                                          • Instruction ID: 7166924a341d3354f635ff51bc3cfb0aa06389a30eaf28977bb9402aae89585c
                                          • Opcode Fuzzy Hash: afccfb56515cc612b2afb54aa66a89a5022d07779a7d5a6138ed6227c791a90f
                                          • Instruction Fuzzy Hash: F92139B5D003099FDB10DFAAC4857EEBBF4EF88324F148429E959A7240DB789944CFA5
                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 070D4D60
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID:
                                          • API String ID: 1726664587-0
                                          • Opcode ID: d2a5c3f15a5b469bf3ba1922942285d85c9fc7f9ddf703e5b6d84854d073c7ae
                                          • Instruction ID: bdb5d243e18c87ca36abf0bf5531f586885155393fda44fb34c546742640b066
                                          • Opcode Fuzzy Hash: d2a5c3f15a5b469bf3ba1922942285d85c9fc7f9ddf703e5b6d84854d073c7ae
                                          • Instruction Fuzzy Hash: 0B2127B1900349DFDB10DFAAC841BDEBBF5FF48320F14842AE918A7240D7789950CBA1
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0123D717
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2306858579.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_1230000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 273e1b58f57d2488c50189f1fb36af0d31548a5ea62335456cdca151d65f7ec7
                                          • Instruction ID: e5fbe29a72fc582cdca82de7620b6259bd7e04561deb46917ecab07ddf4b9afd
                                          • Opcode Fuzzy Hash: 273e1b58f57d2488c50189f1fb36af0d31548a5ea62335456cdca151d65f7ec7
                                          • Instruction Fuzzy Hash: AC21E3B5D00249AFDB10CFAAD984AEEBFF5FB48324F14841AE914A3310D374A955CF60
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 070D4AD6
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 070D4D60
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID:
                                          • API String ID: 1726664587-0
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0123D717
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2306858579.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_1230000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 070D4B9E
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0123B079,00000800,00000000,00000000), ref: 0123B28A
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2306858579.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_1230000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0123B079,00000800,00000000,00000000), ref: 0123B28A
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2306858579.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_1230000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 070D4B9E
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 070D78F5
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 070D78F5
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2326366119.00000000070D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_70d0000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0123AFFE
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2306858579.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_1230000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2305124200.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_dbd000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7d88ce9276efbb593591f8a89372f892369eba71e270d5f56bde5ed6862d7e15
                                          • Instruction ID: ee4a7477260cb61845112806fb572994e16fc91f4856dd2c98487febdc4e948e
                                          • Opcode Fuzzy Hash: 7d88ce9276efbb593591f8a89372f892369eba71e270d5f56bde5ed6862d7e15
                                          • Instruction Fuzzy Hash: 98214572504240EFCB24DF14D9C0B6ABFA6FB88318F24C169E90A0B256D336D816CAB1
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4ed28a4698fb60c47f83c7596e8cb2ace0108b9035e11250277e37986a980d2c
                                          • Instruction ID: 1f7d81a7c0ad20fcdf38f5ef476f7657821820855a7b8b2a317103f8693e99d3
                                          • Opcode Fuzzy Hash: 4ed28a4698fb60c47f83c7596e8cb2ace0108b9035e11250277e37986a980d2c
                                          • Instruction Fuzzy Hash: E221B235A10209AFDF05AFA4D8949DEBFB6EF89300F054915F102BB260DF71A856CB90
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 420cc25767addc059a1c49cd889458edfd49234e9e735535077c7a343d851f0b
                                          • Instruction ID: 1c31602a5764e201968dff3a3937019a30239f8c2bde3ec4e2befa6c712b897f
                                          • Opcode Fuzzy Hash: 420cc25767addc059a1c49cd889458edfd49234e9e735535077c7a343d851f0b
                                          • Instruction Fuzzy Hash: 0B21D8706083849FF7619729EC60F6A7BB9EB85710F44156AF1839A281C7B4DE01C7A2
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2305209918.0000000000DCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DCD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_dcd000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 979bbd307b9e545ec6349695f3b6f94b295f72f1c4d26832cc38cca6a5d0ebab
                                          • Instruction ID: 066cf5d02bf46727640f4b44cfbc263e2763901873af403afe35698d27bee806
                                          • Opcode Fuzzy Hash: 979bbd307b9e545ec6349695f3b6f94b295f72f1c4d26832cc38cca6a5d0ebab
                                          • Instruction Fuzzy Hash: 3621FF75604201EFCB14DF18D980F26BBA2EB84314F24C56DE94A0B292C37AD807DA71
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2305209918.0000000000DCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DCD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_dcd000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c60be89a95b1e78ecd940b0363242bae15adad1962a2a64b1fa0a3eec7308830
                                          • Instruction ID: 7c9c1df40fe01abca83ad930898d869dc0fd08b1146930595308f414a61a1f26
                                          • Opcode Fuzzy Hash: c60be89a95b1e78ecd940b0363242bae15adad1962a2a64b1fa0a3eec7308830
                                          • Instruction Fuzzy Hash: CD21FFB1504201EFDB05DF10D980F26FBA2FB84314F24C67DE9494B292C376D806CA61
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2305209918.0000000000DCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DCD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_dcd000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 55a5f1036edf55295e58d9e0f8a26d977c1d0c07e2c4750d0eed0b10d9e934cb
                                          • Instruction ID: d940960d1e25e2f23fd1a322eae2a1d45b1f5aafa071d6350f7d6e64c2e557a6
                                          • Opcode Fuzzy Hash: 55a5f1036edf55295e58d9e0f8a26d977c1d0c07e2c4750d0eed0b10d9e934cb
                                          • Instruction Fuzzy Hash: D22183755093C08FCB02CF24D990B15BF71EB46314F28C5EED8498B6A7C33A980ACB62
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 603306a21d81f7da94c176b404172efd0ee045579c260fd8695fc73398d1b89b
                                          • Instruction ID: 739d684602ac6e203cd84be6e410fdd3fd19506defd6bc47c386b5afc2ab07fb
                                          • Opcode Fuzzy Hash: 603306a21d81f7da94c176b404172efd0ee045579c260fd8695fc73398d1b89b
                                          • Instruction Fuzzy Hash: 4E112E30A041A4DFE744976EA8197753FE5AB40305F15C0BAE545CB3C5DB768D43C791
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2305124200.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_dbd000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 45d2786e60e1e4201bb004dcd9f59ae96814e242b2a6b2dda49e09682ea99c03
                                          • Instruction ID: 9ce202efdc03cf9cf97d4d11a17167556ae0e3ddaea786023048618869ad973f
                                          • Opcode Fuzzy Hash: 45d2786e60e1e4201bb004dcd9f59ae96814e242b2a6b2dda49e09682ea99c03
                                          • Instruction Fuzzy Hash: 7521AF76504284DFCB06CF50D9C4B56BF72FB84314F28C5A9DC090B656C33AD826CBA1
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2305124200.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_dbd000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                          • Instruction ID: cd7321077fbee0952c22c53893b72d4764f99fda49c2bbae0833845919478bd5
                                          • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                          • Instruction Fuzzy Hash: 4311E676504284CFCB15CF10D5C4B5ABFB2FB94318F28C6A9D84A0B656C33AD856CBA1
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9e000f43b1694d5617068c3ecf60b714b61f3e71b2949c4963dfad29b55ffc75
                                          • Instruction ID: 08d8fc199a5c1c37caf57b3baceab693069894d7bd809ea9aa954a27e4f73fb3
                                          • Opcode Fuzzy Hash: 9e000f43b1694d5617068c3ecf60b714b61f3e71b2949c4963dfad29b55ffc75
                                          • Instruction Fuzzy Hash: 2801ADB6A006054B9B54EF7A88449BFB7F7EFC8260764492ED829D7340EF308E058761
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2305209918.0000000000DCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DCD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_dcd000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                          • Instruction ID: aace4ca8a017880d23bbd22604d820ea44b8a3f39dce4612e001b60111645469
                                          • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                          • Instruction Fuzzy Hash: FA118B76504284DFCB15CF10D9C4B15FBA2FB84314F28C6AED8494B6A6C33AD84ACB61
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cc8306a9cfea6578c1b5b897d604d936065fafb2d1a88ce8ff4a6c0c01a0a10d
                                          • Instruction ID: 30722c6817634b5cb3f716fb485b6da8822bcb2276c11fd41bd590ee18e18b33
                                          • Opcode Fuzzy Hash: cc8306a9cfea6578c1b5b897d604d936065fafb2d1a88ce8ff4a6c0c01a0a10d
                                          • Instruction Fuzzy Hash: A511A2B1D006589BEB58DFABD9447DEFAF7AFC8300F14C06AD408B6268DB7509458FA1
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3bda30275601c79124f0240d0afa4a116015e780d4e38514f9ab2145f545ae0b
                                          • Instruction ID: 2080010cbdc736f92fe92c65282cb28802e420bf76ec4677635cc2d7f7e4ce08
                                          • Opcode Fuzzy Hash: 3bda30275601c79124f0240d0afa4a116015e780d4e38514f9ab2145f545ae0b
                                          • Instruction Fuzzy Hash: 8611A070209648CFE794EF66F4846317BB6FB08304F2054D9E5CA86641CB73CD628B82
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3405ed35aebe5727a642eae85ffdf1e745db82f6ab5dbc1807bfde55b0ec070c
                                          • Instruction ID: 0f4c9c8c46d11d6e6dc44ecd43be2e1f2bd57abe71b44726ebc49a77931e9557
                                          • Opcode Fuzzy Hash: 3405ed35aebe5727a642eae85ffdf1e745db82f6ab5dbc1807bfde55b0ec070c
                                          • Instruction Fuzzy Hash: A301B21285E3F09FD7572B386D701E63FA48C4716570A10CBD581CA4A3D9588A9DCBEA
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67312c71723c70ca7549e70ac1356800304fd952ee41b825153464d7ef81c3e7
                                          • Instruction ID: 9fbedda26ae2d7e561d29006ff800a31d4d08bcb277fa7a60e1c2e08eddf0b79
                                          • Opcode Fuzzy Hash: 67312c71723c70ca7549e70ac1356800304fd952ee41b825153464d7ef81c3e7
                                          • Instruction Fuzzy Hash: DC016D30605608CFE794EF66F484231BBB6F708304B2094D9E58A86641CB73CE628B82
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e697e1cd6e3e6439e48b89d088ff95c14f37f430a055b76264abf0fa69f35cfb
                                          • Instruction ID: 0bc4eb845d330a9bf7eb8a5161e3856885ea8411a31198685b9d378782faa915
                                          • Opcode Fuzzy Hash: e697e1cd6e3e6439e48b89d088ff95c14f37f430a055b76264abf0fa69f35cfb
                                          • Instruction Fuzzy Hash: 27015B71E41259CFFB54BFA585183ED7AB6EB88311F14542AD202A6280DF784981CFE6
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 902723dcb6b58bb34a44e8564a575283b3be76d9c47e28fb330d96e7977d21f9
                                          • Instruction ID: a8c53c4e6d1f3b037c79dac5eef18734bae7cf630ce41ebe3afdafdd3eb617db
                                          • Opcode Fuzzy Hash: 902723dcb6b58bb34a44e8564a575283b3be76d9c47e28fb330d96e7977d21f9
                                          • Instruction Fuzzy Hash: 36010270500F08CFC324EF1AE588922BBF5FF88700741A99DD2CA83A64DB71B5248F45
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a13f6a2e83c693b1bea1768b78faeacf733661a440c1bdea66abd6ae636b91ac
                                          • Instruction ID: 12c477c57dbb99dd57fd101b5aaea89d7cb76b8b66c78c93845e691762f3c0e9
                                          • Opcode Fuzzy Hash: a13f6a2e83c693b1bea1768b78faeacf733661a440c1bdea66abd6ae636b91ac
                                          • Instruction Fuzzy Hash: 27F0C821A0D3E0ABDB615720C5147507FA69B473D9F1880EAD14A8F187DA36C942C7A2
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8735479d565cad62e0dbeaac2e9fca64dcbc16f5192d09345e5a6e3a356c7d7d
                                          • Instruction ID: d2321782e321b4a92896dfce618e2cb0b05c47fad8bdfd34b9ba8a9d09c38b7b
                                          • Opcode Fuzzy Hash: 8735479d565cad62e0dbeaac2e9fca64dcbc16f5192d09345e5a6e3a356c7d7d
                                          • Instruction Fuzzy Hash: 0FF02772708204CFCB4AAB6AEC904AD7F22EFD0301744814EE5814E251CE788A05C390
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f13f9c8fc3895b443e7b18f234c5616edfe9b9a150b80f74b82390013cbbac2d
                                          • Instruction ID: e2abc6306183c0929973aa2891ae5b3453462d89186816c30f2abb062f3e1fbb
                                          • Opcode Fuzzy Hash: f13f9c8fc3895b443e7b18f234c5616edfe9b9a150b80f74b82390013cbbac2d
                                          • Instruction Fuzzy Hash: D4F0A03630061897CA19FA2AED858AEBF5AEFC4321B40852DE9094B340CE745E0982A1
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aa6d61869cc9dc5c8dac0be9a28a2aafe948d4a541798aa35d60857cbcba323f
                                          • Instruction ID: a469a18d94dfa89b93569e69e02a0b93548956335b1ab1312ccbb0a49bb2cdda
                                          • Opcode Fuzzy Hash: aa6d61869cc9dc5c8dac0be9a28a2aafe948d4a541798aa35d60857cbcba323f
                                          • Instruction Fuzzy Hash: 84E039B5D91209EFD740FFA8C808ADABBF0AF48200F148469E019D7211E3708A058F91
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7f14fc89fe13ccdf95ff67b9af1db2a4597469963e3bc9a90b5a71cc9deb41b3
                                          • Instruction ID: b38e941641bbbccdbd90854100b0e2a8822e9440eef41cce8041a519efffedbb
                                          • Opcode Fuzzy Hash: 7f14fc89fe13ccdf95ff67b9af1db2a4597469963e3bc9a90b5a71cc9deb41b3
                                          • Instruction Fuzzy Hash: 71F01230F4021ACFFB54BFB5941879D7AB2AF84351F10542DD202A6190DF744881CFD5
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6ab6470f78412ae3302ac64ce916234b38341424cce5de7a08fd70d3e35a5497
                                          • Instruction ID: 1a5fb35426df6875f1104963ae584eccf28a814b091093685b81938e7b8b8395
                                          • Opcode Fuzzy Hash: 6ab6470f78412ae3302ac64ce916234b38341424cce5de7a08fd70d3e35a5497
                                          • Instruction Fuzzy Hash: D5E0C230F88314BBFA7527446E12F76369DEB86B92F100026F706AE3C0DEE28C4182D5
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 75586e2f900af58ead39cc6b9497c73c4cf87c8bae87a2de76546a6c20d6534b
                                          • Instruction ID: 9d6950a79135219584b2b6d64acf265a6f7b84753749bdd9639ff666dfb8e0d3
                                          • Opcode Fuzzy Hash: 75586e2f900af58ead39cc6b9497c73c4cf87c8bae87a2de76546a6c20d6534b
                                          • Instruction Fuzzy Hash: 56E0B6B4D4420AEFD780EFB9C905A9EBBF0BF48200F1585A9D019E7215E7B49A048F91
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4b6c81d60e6dd2f45a33b1b8fb33c1d56779d0bdb0599c2a13729800bceac57a
                                          • Instruction ID: 3351ba57b982a08bb15bd8c712f7528d24f267514ab2f4fbe2e088ea4ce92dd8
                                          • Opcode Fuzzy Hash: 4b6c81d60e6dd2f45a33b1b8fb33c1d56779d0bdb0599c2a13729800bceac57a
                                          • Instruction Fuzzy Hash: AEE01774D1020CEFCB84EFB8E58979CBBF5AB08201F1002A9D948E3345E7709E80DB92
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6de5ed2a34c27f7df82ba15963ea3913725d7dfbe13fa140b5106848fb12435a
                                          • Instruction ID: 29e13cde99e295ab27e10b56021e03b9b6f15d87fcd258593945c6274f8480cc
                                          • Opcode Fuzzy Hash: 6de5ed2a34c27f7df82ba15963ea3913725d7dfbe13fa140b5106848fb12435a
                                          • Instruction Fuzzy Hash: 91D0CA6228E3D4AFE302923098288A26F308D9720430940DBE1919A09282090AA8CBB6
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a72a7418ca1b5ad1a64300b73f13d1efe042fc33bb349c10c1e4f55ea8b79375
                                          • Instruction ID: 6efcb84c6975e75ad9e39a6ef3eeddd2b20a5b8fcd11811b6b5472681c0d8992
                                          • Opcode Fuzzy Hash: a72a7418ca1b5ad1a64300b73f13d1efe042fc33bb349c10c1e4f55ea8b79375
                                          • Instruction Fuzzy Hash: EAD05E75E492859FCF12E75CE8995593F34DE0231430451DA94408B697EE689407CB9A
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2325634510.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_6d40000_GrOcCQC.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1557846c53421dbb4341c83c0bc6dbcc9219913366e2d9edac445aea352b8074
                                          • Instruction ID: 2b210c36b5c8f8cedf80af3f57083ed09d1fedd577634432be89f3a400c12e9e
                                          • Opcode Fuzzy Hash: 1557846c53421dbb4341c83c0bc6dbcc9219913366e2d9edac445aea352b8074
                                          • Instruction Fuzzy Hash: 5AA00275849249FFE7505F51D04C76C7F72AF06329F009055A59352741CB7895849F42